Short Name |
HTTP:DIR:NOVELL-ZENWORKS-TRAV |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Novell ZENworks Configuration Management Information Disclosure |
Release Date |
2013/11/08 |
Update Number |
2318 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Novell ZENworks Configuration Management. Attackers can submit a malicious directory traversal attack, which can lead to information disclosure and arbitrary file download.
Directory traversal vulnerability in the GetFle method in the umaninv service in Novell ZENworks Configuration Management (ZCM) 11.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename parameter in a GetFile action to zenworks-unmaninv/.