This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote host has a web application that is affected by a remote
code execution vulnerability.
The NetIQ Privileged User Manager install hosted on the remote web
server contains a flaw that is triggered when an error occurs in the
'ldapagnt_eval()' function when parsing requests. An unauthenticated
attacker could exploit this flaw to execute arbitrary code with SYSTEM
Nessus was able to exploit this vulnerability via a specially crafted
POST request and create a remotely-accessible file on the web server.
See also :
Apply NetIQ Privileged User Manager 2.3.1 HF2 (2.3.1-2) or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true
Family: CGI abuses
Nessus Plugin ID: 62992 ()
Bugtraq ID: 56539
CVE ID: CVE-2012-5932
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.