Hi there,
we're getting a lot of alerts for exploit P1410, but the affected files seem to be a simple archive script included in a lot of apps like coppermine, joomla extensions, CMS Made Simple and so on. The apparently bad file is even included in the official sources of the named products. I don't know if maybe some malware partially used the same code as the legitimate script and now all are matched as an exploit?
Example files:
cmsmadesimple:
http://svn.cmsmadesimple.org/svn/cmsmad ... /untgz.php
b2evolution:
https://raw.githubusercontent.com/b2evo ... chives.php
coppermine:
https://github.com/coppermine-gallery/c ... rchive.php
Thank you very much for checking, I hope there is a quick fix or explanation.
- Sandro
false positive P1410 and cmsmadesimple/coppermine etc.?
- Moderator
Re: false positive P1410 and cmsmadesimple/coppermine etc.?
Just had a quick look - If you update as follows it should now be resolved:
rm -fv /etc/cxs/new.fp
cxs -U
Re: false positive P1410 and cmsmadesimple/coppermine etc.?
Thank you for your very quick reply!
I just tried that and uploaded one of the mentioned files but it still was matched as P1410. Just to be sure: I don't have to restart the service after the upgrade, right?
Re: false positive P1410 and cmsmadesimple/coppermine etc.?
I did it again and now it works. No clue why I had to do it twice but thank you very much for your help! :-)