SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web-based applications on servers.
SERVER-WEBAPP smartsearch.cgi access
This event is generated when a remote user attempts to access smartsearch.cgi on a web server. This may indicate an attempt to exploit an arbitrary code execution vulnerability in Smart Search, a "pay-per-click" search engine.
Impact: Arbitrary code execution.
Details: Smart Search "pay-per-click" search engine software contains a vulnerability that allows code execution using a specially-crafted URL. Using the "keywords" parameter accepted by smartsearch.cgi, an attacker can pass arbitrary Perl code to the web server, which will then attempt to execute it.
Ease of Attack: Simple. An exploit exists.
Known false positives, with the described conditions
If a legitimate remote user accesses smartsearch.cgi, this rule may generate an event.
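Because the rule fires on any access to smartsearch.cgi, an analyst has to separate ordinary searches from requests worth reviewing. The following is an added example, not part of the Snort rule or its documentation: it triages web access-log lines by decoding the "keywords" parameter and flagging values that contain anything other than plain search terms. The log lines, the allowlist of characters and the function name are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/smartsearch.cgi?keywords=red+shoes HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/smartsearch.cgi?keywords=shoes%3B%24PLACEHOLDER HTTP/1.1" 200 87
198.51.100.8 - - [01/Jan/2024:10:00:12 +0000] "GET /cgi-bin/SmartSearch.cgi HTTP/1.1" 200 300
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate search terms are words, digits, spaces and light punctuation.
PLAIN_TERMS_RE = re.compile(r"[\w\s.,'+-]*")


def triage(log_text):
    """Return (client, verdict, keywords) for every smartsearch.cgi request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        # Match the script name case-insensitively, wherever it is installed.
        if not url.path.lower().endswith("/smartsearch.cgi"):
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        values = parse_qs(url.query, keep_blank_values=True).get("keywords", [])
        if not values:
            findings.append((client, "access-only", None))
        for value in values:
            plain = PLAIN_TERMS_RE.fullmatch(value) is not None
            findings.append((client, "plain-search" if plain else "review", value))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "keywords" value sent in a POST body does not appear in a standard access log, so "access-only" entries for POST requests still need a look at packet captures or application logs.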
Cisco Talos, Brian Caswell, Jen Harvey