Short Name |
APP:HPOV:INT-MGMT-CTR-DIRTRAV |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
HP Intelligent Management Center Reporting Information Disclosure |
Release Date |
2010/10/07 |
Update Number |
1787 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known information disclosure vulnerability in HP Intelligent Management Center. It is due to insufficient input validation when processing HTTP request parameters. Using directory traversal characters, a remote unauthenticated attacker can leverage this to view the file contents of arbitrary files on a target system.
3Com Intelligent Management Center is prone to multiple directory-traversal, cross-site scripting, and information-disclosure vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to traverse through arbitrary directories and gain access to sensitive information, view local files in the context of the webserver process, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 3Com Intelligent Management Center 3.3 SP1 and 3.3.9 are vulnerable; other versions may also be affected.