Rule:--Sid:1301--Summary:This event is generated when an attempt is made to exploit an authentication vulnerability in a web server or an application runningon that server.--Impact:Information gathering and system integrity compromise. Possible unauthorizedadministrative access to the server or application.--Detailed Information:This event is generated when an attempt is made to gain unauthorizedaccess to a web server or an application running ona web server. Someapplications do not perform stringent checks when validating thecredentials of a client host connecting to the services offered on ahost server. This can lead to unauthorized access and possibly escalatedprivileges to that of the administrator. Data stored on the machine canbe compromised and trust relationships between the victim server andother hosts can be exploited by the attacker.--Affected Systems:--Attack Scenarios:An attacker can access the authentication mechanism and supply his/herown credentials to gain access. Alternatively the attacker can exploitweaknesses to gain access as the administrator.--Ease of Attack:Simple. Exploits exist.--False Positives:None known.--False Negatives:None known.--Corrective Action:Disallow administrative access from sources external to the protectednetwork.Ensure the system is using an up to date version of the software and hashad all vendor supplied patches applied.--Contributors:Sourcefire Research TeamBrian Caswell <bmc@sourcefire.com>Nigel Houghton <nigel.houghton@sourcefire.com>--Additional References:--