Rule:

--
Sid:
4128

--
Summary:
This event is generated when an attempt is made to exploit a known
vulnerability in 4D WebSTAR.

--
Impact:
Information disclosure.

--
Detailed Information:
A vulnerability exists in 4D WebSTAR that may allow an unauthenticated
user to gain privileged information about the application and the host
running a vulnerable version of the software.

--
Affected Systems:
	4D WebSTAR 5.3.2 and prior

--
Attack Scenarios:
An attacker can make a request to ShellExample.cgi with a directory path
and using an asterisk as the query string following the path. The
application will then return a directory listing for the system.

--
Ease of Attack:
Simple. Exploit software is not required.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the most current non-affected version of the product.

--
Contributors:
Sourcefire Vulnerability Research Team
Alex Kirk <akirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References

--
