cancel
Showing results for 
Search instead for 
Did you mean: 

User Access Logs - weird entries

_Legacy_
New Contributor

User Access Logs - weird entries

MAG SM360 on PCS 8.1:

 

Obviously all of the PCS 8.x versions are EOL now, but the user cannot upgrade to 9.x as the MAG SM360 cannot run this software.

 

Logs show the following,

 

[127.0.0.1] System()[] - InvalidUrl: /dana-na/  ..  /dana/html5acc/guacamole/ .. ..  etc/passwd?/dana/html5acc/guacamole/

 

We thought maybe they are from someone Penetrating Testing/Vulnerability Scanning, but they come from the localhost address and various IP Addresses which are from legitimate partners they work with.


Found this PRS but don't think it's related and checking through the documentation cannot see it being listed as fixed.

 

Known Issue: PRS-329563 invalid URL via core access.

 

Any ideas why this is happening and if it can be stopped?

 

(admin: removed repeating directory traversal)

 

2 REPLIES 2
kita
Regular Contributor

Re: User Access Logs - weird entries

What version of 8.1RX are you running. In general, I would advise upgrade to the latest patch version as previous versions of 8.1RX are vulnerable to the following security issue.

zanyterp
Moderator

Re: User Access Logs - weird entries

in addition to what kita mentioned, this is not supported on 8.1
do you have other devices on newer software that use the same hostname?