SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Trihedral VTScada WAP URI null byte injection attempt
Directory traversal vulnerability in the WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to read arbitrary files via a crafted pathname. Impact: CVSS base score 9.1 CVSS impact score 5.2 CVSS exploitability score 3.9 confidentialityImpact HIGH integrityImpact HIGH availabilityImpact HIGH Details: Ease of Attack:
This rule alerts when an attempt to exploit a null byte injection in VTScada WAP is detected.
No public information
No known false positives
Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].
No rule groups
Local File Inclusion
Local File Inclusion (LFI) attackers attempt to trick the web server into executing a file local to its own file system. The attacker might have saved the file there in another way first, or the target file could be a local executable that should not be accessible to the web server otherwise. A successful LFI can lead to data leaks or remote code execution. Avoid dynamic inclusion of user input files, or whitelist files that may be included.
CVE-2016-4532 |
Loading description
|
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
©2025 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
