Family: Misc. --> Category: attack
Hobbit Monitor config Command Directory Traversal Vulnerability Scan
Vulnerability Scan Summary: Tries to read a local file using hobbitd
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote server is affected by an information disclosure
vulnerability.
Description :
The version of the Hobbit Monitor daemon installed on the remote host
does not properly filter directory traversal sequences from the
argument to the 'config' command. An unauthenticated attacker can
leverage this flaw to retrieve arbitrary files from the affected host
subject to the rights of the user id under which hobbitd runs.
See also :
http://www.securityfocus.com/archive/1/442036/30/0/threaded
Solution :
Upgrade to Hobbit version 4.1.2p2 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)