
HTTP BadBlue Webserver BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit a buffer-overflow vulnerability in BadBlue, a webserver application.

Additional Information

BadBlue is a webserver application that allows users to share files.

The application is prone to multiple remote vulnerabilities:

- A buffer-overflow vulnerability occurs because the application fails to perform adequate boundary checks on user-supplied data. Specifically, this issue affects the 'PassThru' command of the 'ext.dll' library when copying data into the 4096-byte buffer using the 'strcpy()' function.

- A directory-traversal vulnerability occurs because the application fails to sufficiently sanitize user-supplied input. Specifically, it fails to sanitize directory-traversal strings '(../)' contained in a filename before uploading the file onto the webserver.

An attacker can exploit these issues to upload arbitrary files outside the destination folder (and potentially overwrite existing files), execute arbitrary code within the context of the affected application, or crash the affected application.
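A defensive counterpart to the two flaws described above, as an added example that is not BadBlue's code and not part of the original signature page: a length-checked copy into a 4096-byte buffer and a check that an upload filename carries no directory-traversal component. The function names, the sample inputs, and the rejection of '\' and ':' (an assumption for a Windows host) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define PASSTHRU_BUF 4096 /* buffer size given in the description above */

/* Hypothetical stand-in for the copy step. The unsafe pattern is
 * strcpy(dst, src), which writes past dst once src holds 4096 or more
 * bytes. Returns 0 on success, -1 if src does not fit (dst left empty). */
int copy_passthru_arg(char dst[PASSTHRU_BUF], const char *src)
{
    size_t n = 0;

    dst[0] = '\0';
    if (src == NULL)
        return -1;
    while (n < PASSTHRU_BUF && src[n] != '\0') /* never scan past the limit */
        n++;
    if (n == PASSTHRU_BUF)                     /* no room for the terminator */
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* Returns 1 when an upload filename is a bare file name, 0 otherwise.
 * Call it on the fully decoded name. Rejecting '\\' and ':' as well as
 * '/' is an assumption for a Windows host. */
int upload_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return strpbrk(name, "/\\:") == NULL;
}

int main(void)
{
    static char big[PASSTHRU_BUF + 64]; /* constructed oversized input */
    char buf[PASSTHRU_BUF];

    memset(big, 'A', sizeof big - 1);
    printf("short arg: %d\n", copy_passthru_arg(buf, "index.htm"));
    printf("oversized arg: %d\n", copy_passthru_arg(buf, big));
    printf("report.txt: %d\n", upload_name_is_safe("report.txt"));
    printf("../../report.txt: %d\n", upload_name_is_safe("../../report.txt"));
    return 0;
}
```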


  • BadBlue BadBlue 2.72b


Download and install all vendor patches related to this vulnerability.