Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:MISC:NETIQ-DIR-TRAVERSAL

Severity

 Minor

Recommended

 Yes

Recommended Action

 Drop

Category

 HTTP

Keywords

 Micro Focus NetIQ Access Manager Identity Server Directory Traversal

Release Date

 2018/02/14

Update Number

 3037

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Micro Focus NetIQ Access Manager Identity Server Directory Traversal


This signature detects attempts to exploit a known vulnerability against Micro Focus NetIQ Access manager Identity Server.A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the target server. Successful exploitation results in the disclosure of arbitrary file contents accessible by the target process.

Extended Description

In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system.

Affected Products

  • Netiq access_manager 4.3
  • Netiq access_manager 4.4

References

  • CVE: CVE-2017-14803
  • URL: http://www.zerodayinitiative.com/advisories/zdi-18-131/
  • URL: https://www.novell.com/support/kb/doc.php?id=7022443

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out