Check Point Advisories

Update Protection against VWar Remote File Inclusion Vulnerability

Check Point Reference: CPAI-2006-077
Date Published: 5 Jul 2006
Severity: Medium
Last Updated: 15 May 2007
Source: FrSIRT/ADV-2006-1228
Industry Reference:CVE-2006-1636
Protection Provided by:
Who is Vulnerable? Virtual War version 1.5.0-R12 and prior
Vulnerability Description Several vulnerabilities have been reported in Virtual War (VWar) due to input validation errors in several scripts. Remote attackers could exploit these vulnerabilities to include malicious files and compromise a vulnerable system.
Update/Patch AvaliableUpgrade to Virtual War version 1.5.0-R13 :
http://www.vwar.de/download.php
Vulnerability DetailsThese flaws are due to input validation errors in the "includes/get_header.php", "includes/functions_common.php" and "includes/functions_front.php" scripts that do not validate the "vwar_root" variable.

Protection Overview

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO