Intrusion Prevention

ASPXSpy.Webshell

Description

This indicates a potential .NET ASP webshell upload. A malicious user may use this script to further compromise the targeted host.

Affected Products

N/A

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Configure a Worker Process Identity (WPI) for an application pool.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2020-10-21	16.947	Modified	Name:ASPXSpy. Detection:ASPXSpy. Webshell
2020-10-21	16.947	Modified	Severity:low:medium
2020-08-12	15.904	Modified	Sig Added
2020-07-27	15.894	Modified	Sig Added

ID	15558
Created	Mar 31, 2009
Updated	Nov 15, 2021
CVE ID
Risk
Exploit Prediction Score	57.88%
Default Action	drop
Active
Affected OS	Windows
Affected App	Other
Profile Type	Permission/Privilege/Access Control

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

ASPXSpy.Webshell

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

ASPXSpy.Webshell

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center