Intrusion Prevention

BASE.Base.QRY.Common.Remote.File.Inclusion

Description

It indicates a possible attack against a File Inclusion vulnerability in Basic Analysis and Security Engine (BASE).
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling include files in the URI. It allows a remote attacker to execute arbitrary code via sending a crafted web request.

Affected Products

Basic Analysis and Security Engine (BASE) versions before 2.10.8

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Update to BASE Basic Analysis and Security Engine 1.2.5
http://sourceforge.net/projects/secureideas/files/

CVE References

CVE-2006-2685