Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:NOVELL:REPORTER-SRS |
|---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Novell File Reporter SRS Arbitrary File Retrieval |
Release Date |
2013/08/04 |
Update Number |
2287 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Novell File Reporter SRS Arbitrary File Retrieval
This signature detects a known vulnerability against Novell File Reporter. It is caused by insufficient authentication when handling SRS requests. An remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the server. Successful exploitation could result in arbitrary file retrieval with SYSTEM privileges.
Extended Description
Absolute path traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
Affected Products
- Novell file_reporter 1.0.2
References
- CVE: CVE-2012-4957