|Check Point Reference:||CPAI-2013-1658|
|Date Published:||18 Apr 2013|
|Protection Provided by:||
|Who is Vulnerable?|| BigAntSoft BigAnt Server 2.97 SP7 and prior |
|Vulnerability Description||An arbitrary file upload vulnerability exists in BigAnt Server. The vulnerability is due to lack of authentication and a directory traversal weakness in processing a DUPF command. Remote unauthenticated attackers can exploit this vulnerability by sending malicious requests to the target server. Successful exploitation would result in arbitrary code execution with the privileges of the System user.|
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
SmartView Tracker will log the following entries:
Attack Name: Instant Messenger
Attack Information: BigAnt Server DUPF Command Arbitrary File Upload