|Check Point Reference:||CPAI-2015-0464|
|Date Published:||13 Apr 2015|
|Last Updated:||14 Nov 2018|
|Protection Provided by:||
|Who is Vulnerable?||PHP Web Servers|
|Vulnerability Description||There are known Variables of an attempt to upload a web shell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks.|
This protection detects attempts to upload a web shell backdoor.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Server Enforcement Violation.
Attack Information: PHP Web Shells Malicious Known Variables