Hobbit Monitor < 4.1.2p2 config Command Traversal Arbitrary File Access

Medium Nessus Network Monitor Plugin ID 3699

Synopsis

The remote host is vulnerable to a Directory Traversal flaw.

Description

The remote host is running Hobbit Monitor, a web-based host/network monitoring application. This version of Hobbit Monitor is prone to a flaw that lets remote attackers use the 'config' command to access confidential files. To exploit this issue, the attacker would connect to the Hobbit application (typically on port 1984) and send a 'config ../../../../../<filename>' request. Successful exploitation would result in the attacker gaining access to confidential data.
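One way a server-side handler or a monitoring rule can tell a legitimate 'config' request from the traversal form described above, as an added example (not Hobbit Monitor's or the plugin's own code). CONFIG_ROOT, the function names and the sample requests are constructed placeholders.

```python
import posixpath

# Assumption: placeholder for the directory 'config' files are served from.
CONFIG_ROOT = "/placeholder/config-root"

def parse_config_request(message):
    """Return the requested filename if the message is 'config <name>', else None."""
    parts = message.strip().split(None, 1)
    if len(parts) != 2 or parts[0] != "config":
        return None
    return parts[1].strip()

def resolve_within_root(filename, root=CONFIG_ROOT):
    """Return the normalized path if it stays below root, else None.

    The check is lexical only; a server that opens the file should also
    resolve symlinks (os.path.realpath) and compare again before reading.
    """
    if not filename or "\x00" in filename or filename.startswith("/"):
        return None
    candidate = posixpath.normpath(posixpath.join(root, filename))
    # Comparing against root + "/" avoids matching a sibling directory
    # whose name merely starts with the root's name.
    if not candidate.startswith(root + "/"):
        return None
    return candidate

def classify(message):
    """Label one request line: 'not-config', 'allow' or 'reject'."""
    name = parse_config_request(message)
    if name is None:
        return "not-config"
    return "allow" if resolve_within_root(name) else "reject"

# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "config example.cfg",
    "config sub/../example.cfg",
    "config ../../../../../FILENAME_PLACEHOLDER",
    "config sub/../../outside.cfg",
    "config /absolute/path.cfg",
    "hello world",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):10s} {line}")
```

Normalizing before comparing is what lets `sub/../example.cfg` through while rejecting any name whose `..` segments climb above the root.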

Solution

Upgrade to version 4.1.2p2 or higher.

See Also

http://hobbitmon.sourceforge.net

Plugin Details

Severity: Medium

ID: 3699

File Name: 3699.prm

Family: CGI

Published: 2006/08/03

Modified: 2016/02/05

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS3#E:F/RL:U/RC:C

Reference Information

CVE: CVE-2006-4003

BID: 19317