Short Name |
HTTP:DIR:NOVELL-GROUPWSE-DIRTRA |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Novell GroupWise Admin Service FileUploadServlet Directory Traversal |
Release Date |
2014/09/29 |
Update Number |
2424 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects directory traversal attempts in Administration Service of Novell GroupWise 2014.A successful attack can lead to gain access to restricted files. This may lead to disclosure of sensitive information.
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN-2287.