Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:NOVELL:ZENWORKS-INFODISC
Severity	Minor
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Novell ZENWorks Asset Management rtrlet Component Information Disclosure
Release Date	2012/10/17
Update Number	2194
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Novell ZENWorks Asset Management rtrlet Component Information Disclosure

This signature detects attempts to exploit an information disclosure vulnerability in Novell ZENworks Asset Management. Due to insufficient sanitization of user input, attackers can gain access to arbitrary files on the targeted system.

Extended Description

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.

Affected Products

Novell zenworks_asset_management 7.5

References

BugTraq: 55933
CVE: CVE-2012-4933

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Novell ZENWorks Asset Management rtrlet Component Information Disclosure

Extended Description

Affected Products

References