HP Data Protector Media Operations DBServer opcode 0x10 Traversal Arbitrary File Access

medium Nessus Plugin ID 58387

Synopsis

The remote service is affected by a remote directory traversal vulnerability.

Description

HP Data Protector Media Operations is affected by a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Successfully exploiting the issue may allow an attacker to obtain read arbitrary files that could aid in further attacks.

Solution

Limit access to this service as there is no known fix currently.

See Also

http://aluigi.altervista.org/adv/hpdpmedia_1-adv.txt

Plugin Details

Severity: Medium

ID: 58387

File Name: hp_data_protector_0620_path_traversal.nasl

Version: 1.10

Type: remote

Family: Misc.

Published: 3/19/2012

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:hp:storage_data_protector_media_operations

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/4/2011

Reference Information

BID: 50531