iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-2068 a directory traversal vulnerability in the Red Hat CloudForm agent controller. Red Hat CloudForms is a hybrid cloud management platform. This rule is particularly looking for signs of an attacker attempting to exploit the system by specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Red Hat CloudForms agent controller filename directory traversal attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-2068 a directory traversal vulnerability in the Red Hat CloudForm agent controller. Red Hat CloudForms is a hybrid cloud management platform. This rule is particularly looking for signs of an attacker attempting to exploit the system by specifying a file path that navigates outside of the intended directory, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM). The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for signs of an attacker trying to manipulate the fileUpload URI and upload files to unintended directories, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Cisco Prime Data Center Network Manager FileUploadServlet arbitrary file upload attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM). The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for signs of an attacker trying to manipulate the fileUpload URI and upload files to unintended directories, potentially aiming to overwrite system files or place malicious scripts on the server.

SERVER-WEBAPP Cisco Prime Data Center Network Manager processImageSave.jsp directory traversal attempt

This alert is triggered when detecting an attempt to exploit CVE-2013-5486 a directory traversal vulnerability in Cisco Prime Data Center Network Manager (DCNM) The Cisco Prime DCNM is a management solution for data centers. This rule is particularly looking for requests aimed to manipulate the 'chartid' parameter to gain unauthorized access to files and directories outside the intended path.