|
Family: CGI abuses --> Category: infos
HP Systems Management Homepage Namazu lang Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for namazu lang parameter directory traversal vulnerability in HP Systems Management Homepage
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI script that is affected by an
directory traversal flaw.
Description :
The remote host appears to be running HP Systems Management Homepage
(SMH), a web-based management interface for ProLiant and Integrity
servers.
The version of HP SMH on the remote host includes a version of the
search engine Namazu that reportedly fails to validate user input to
the 'lang' parameter of the 'namazu.cgi' script. A possible hacker may be
able to exploit this issue to access files on the remote host via
directory traversal.
See also :
http://www.securityfocus.com/archive/1/426345/30/0/threaded
Solution :
Update HP SMH's .namazurc configuration file according to the vendor
advisory.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|