HP OpenView Network Node Manager OpenView5.exe Action Parameter Traversal Arbitrary File Access

medium Nessus Plugin ID 31860

Synopsis

The remote web server contains a CGI script that is prone to a directory traversal attack.

Description

The version of HP OpenView Network Node Manager installed on the remote host fails to completely sanitize user input to the 'Action' parameter of the 'OpenView5.exe' CGI script. By supplying a value whose directory traversal sequences use forward slashes rather than backslashes, an unauthenticated, remote attacker can exploit this issue to view arbitrary files on the remote host, subject to the privileges under which the web server operates.

Solution

Apply the appropriate patch / archive file as discussed in the vendor advisory above.

See Also

http://aluigi.altervista.org/adv/closedviewx-adv.txt

https://www.securityfocus.com/archive/1/490771/30/0/threaded

https://secuniaresearch.flexerasoftware.com/secunia_research/2008-4/advisory/

https://www.securityfocus.com/archive/1/490834/30/0/threaded

https://seclists.org/bugtraq/2008/Jul/54

Plugin Details

Severity: Medium

ID: 31860

File Name: openview_nnm_action_dir_traversal.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 4/15/2008

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-0068

BID: 28745

CWE: 22

Secunia: 29796