CA Unified Infrastructure Management < 8.4 SP2 Multiple Information Disclosure Vulnerabilities (CA20161109-01)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A web application running on the remote host is affected by multiple
information disclosure vulnerabilities.

Description :

According to its self-reported version number from the CA Unified
Management Portal (UMP), the CA Unified Infrastructure Management
(UIM) application running on the remote host is prior to 8.4 SP2. It
is, therefore, affected by multiple information disclosure
vulnerabilities :

- An information disclosure vulnerability exists in the
download_lar.jsp servlet due to a flaw that allows
traversing outside of a restricted path. An
unauthenticated, remote attacker can exploit this
vulnerability, via a specially crafted request, to read
arbitrary files. (CVE-2016-5803)

- An information disclosure vulnerability exists in the
diag.jsp servlet due to a flaw that allows traversing
outside of a restricted path. An unauthenticated, remote
attacker can exploit this vulnerability, via a specially
crafted request, to read arbitrary files.
(CVE-2016-9164)

- An information disclosure vulnerability exists in the
get_sessions servlet that allows an unauthenticated,
remote attacker to disclose session IDs via a specially
crafted request. The session ID can then be used to
hijack a user's session. (CVE-2016-9165)

See also :

http://www.nessus.org/u?019b0f45

Solution :

Upgrade to CA UIM version 8.4 SP2 or later. The vendor recommends
upgrading to the latest version (8.47) if possible.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 95662 ()

Bugtraq ID: 94243
94257
94257

CVE ID: CVE-2016-5803
CVE-2016-9164
CVE-2016-9165

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now