HP Systems Insight Manager logfile Parameter Arbitrary File Download
Severity: High
Nessus Plugin ID: 50349
Synopsis
The remote Windows host contains software that is affected by an arbitrary file download vulnerability.
Description
HP Systems Insight Manager is affected by an arbitrary file download vulnerability that can be leveraged by a remote attacker to download files of their choosing.
If an attacker supplies a specially crafted HEAD request to the 'logfile' variable in 'switchFWInstallStatus.jsp', an arbitrary file can be read with SYSTEM or root privileges.
Solution
Install HP Systems Insight Manager 6.0 / 6.1 September 2010 Hotfix or later, or upgrade to 6.2.
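For hosts that cannot be patched immediately, web access logs can be reviewed for requests matching the description above. The following is an added example, not part of the plugin or of HP's software: it assumes Common/Combined Log Format access logs, and the function name, the `EXAMPLE-PATH` directory and the parameter values in the sample lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: access logs use Common/Combined Log Format.
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"')
TARGET_PAGE = "switchfwinstallstatus.jsp"  # page named in the advisory
TARGET_PARAM = "logfile"                   # parameter named in the advisory

# Constructed sample lines; the directory and parameter values are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2010:10:00:00 +0000] "GET /index.jsp HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Oct/2010:10:00:05 +0000] "HEAD /EXAMPLE-PATH/switchFWInstallStatus.jsp?logfile=CONSTRUCTED-VALUE HTTP/1.1" 200 0',
    '192.0.2.44 - - [01/Oct/2010:10:00:09 +0000] "GET /EXAMPLE-PATH/SwitchFWInstallStatus.jsp;jsessionid=ABC?LogFile=CONSTRUCTED-VALUE-2 HTTP/1.1" 200 90',
    '192.0.2.10 - - [01/Oct/2010:10:00:12 +0000] "HEAD /EXAMPLE-PATH/switchFWInstallStatus.jsp HTTP/1.1" 200 0',
]

def find_logfile_requests(lines):
    """Return one finding per logged request to the page that sets 'logfile'."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # Decode percent-escapes and drop ';jsessionid=...' before comparing.
        page = unquote(url.path).split(";", 1)[0].rsplit("/", 1)[-1].lower()
        if page != TARGET_PAGE:
            continue
        params = {k.lower(): v for k, v in
                  parse_qs(url.query, keep_blank_values=True).items()}
        if TARGET_PARAM not in params:
            continue
        findings.append({
            "src": m["src"], "time": m["ts"], "method": m["method"],
            "value": params[TARGET_PARAM][0],
            # The advisory names HEAD; other methods are kept for manual review.
            "priority": "high" if m["method"] == "HEAD" else "review",
        })
    return findings

if __name__ == "__main__":
    for finding in find_logfile_requests(SAMPLE_LOG):
        print(finding)
```

Matches are leads for review rather than proof of exploitation, since the page does not say what a legitimate 'logfile' value looks like.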