Hobbit Monitor < 4.1.2p2 config Command Traversal Arbitrary File Access

Medium

Synopsis

The remote host is vulnerable to a Directory Traversal flaw.

Description

The remote host is running Hobbit Monitor, a web-based host and network monitoring application. This version of Hobbit Monitor has a flaw that lets remote attackers use the 'config' command to access confidential files. To exploit this issue, the attacker would connect to the Hobbit application (typically on port 1984) and send a 'config ../../../../../<filename>' request. Successful exploitation would give the attacker access to confidential data.
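For defenders reviewing captured traffic or logs from the Hobbit port, the check below flags 'config' requests whose filename resolves outside the configuration directory. It is an added example, not code from Hobbit Monitor or from this plugin; CONFIG_ROOT, the function names and the sample messages are assumptions constructed for illustration.

```python
import posixpath

# Assumption: the directory 'config' requests are meant to be served from.
# Hypothetical path; set it to the real configuration directory.
CONFIG_ROOT = "/home/hobbit/server/etc"


def config_target(message):
    """Return the filename argument of a 'config' request, or None."""
    parts = message.strip().split(None, 1)
    if len(parts) != 2 or parts[0] != "config":
        return None
    return parts[1].strip()


def escapes_root(filename, root=CONFIG_ROOT):
    """True if the requested name resolves outside the config directory."""
    if "\x00" in filename:
        return True  # embedded NUL bytes are never legitimate in a filename
    # join() discards root when filename is absolute; normpath() collapses
    # '..' segments, so both forms end up outside root and are caught here.
    resolved = posixpath.normpath(posixpath.join(root, filename))
    base = root.rstrip("/")
    return not (resolved == base or resolved.startswith(base + "/"))


def flag_requests(messages):
    """Return the 'config' requests whose target leaves the config directory."""
    flagged = []
    for msg in messages:
        target = config_target(msg)
        if target is not None and escapes_root(target):
            flagged.append(msg)
    return flagged


# Constructed sample messages (not captured from a real system).
SAMPLE = [
    "config hosts.cfg",
    "config ../../../../../tmp/constructed-file",
    "config sub/../server.cfg",
    "config /tmp/constructed-file",
    "status www.example.com.http green",
    "config sub/../../../constructed-file",
]

if __name__ == "__main__":
    for request in flag_requests(SAMPLE):
        print("traversal attempt:", request)
```

Resolving the path before comparing it avoids both false positives on harmless names such as 'sub/../server.cfg' and misses on absolute paths that contain no '..' at all.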

Solution

Upgrade to version 4.1.2p2 or higher.