EMC Navisphere Manager Directory Traversal and Information Disclosure Vulnerabilities

vendor:

Navisphere Manager

by:

SecurityFocus

7.5

CVSS

HIGH

Directory Traversal and Information Disclosure

CWE

Product Name: Navisphere Manager

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

EMC Navisphere Manager Directory Traversal and Information Disclosure Vulnerabilities

EMC Navisphere Manager is affected by directory traversal and information disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../'. An attacker can also obtain the contents of arbitrary directories by appending a '.' to the end of a request. Exploitation of these vulnerabilities could lead to a loss of confidentiality and information disclosure.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14487/info

EMC Navisphere Manager is affected by directory traversal and information disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../'. An attacker can also obtain the contents of arbitrary directories by appending a '.' to the end of a request. Exploitation of these vulnerabilities could lead to a loss of confidentiality and information disclosure. 

http://www.example.com/../../../../../../../EMC/NAVISPHERE/common/log/navimon.log
http://www.example.com/.