How can I help you? Start Chat

US Phone: 1-866-488-6691
International Phone: +44-2036087492

  • E-Mail
  • Facebook
  • LinkedIn
  • Twitter

Check Point Advisories

Update Protection against VWar Remote File Inclusion Vulnerability

Check Point Reference: CPAI-2006-077
Date Published: 5 Jul 2006
Severity: Medium
Last Updated: 15 May 2007
Source: FrSIRT/ADV-2006-1228
Industry Reference:CVE-2006-1636
Protection Provided by:
Who is Vulnerable? Virtual War version 1.5.0-R12 and prior
Vulnerability Description Several vulnerabilities have been reported in Virtual War (VWar) due to input validation errors in several scripts. Remote attackers could exploit these vulnerabilities to include malicious files and compromise a vulnerable system.
Update/Patch AvaliableUpgrade to Virtual War version 1.5.0-R13 :
http://www.vwar.de/download.php
Vulnerability DetailsThese flaws are due to input validation errors in the "includes/get_header.php", "includes/functions_common.php" and "includes/functions_front.php" scripts that do not validate the "vwar_root" variable.

Protection Overview