Hobbit Monitor < 4.1.2p2 config Command Traversal Arbitrary File Access
Medium Nessus Network Monitor Plugin ID 3699
Synopsis: The remote host is vulnerable to a directory traversal flaw.
Description: The remote host is running Hobbit Monitor, a web-based host and network monitoring application. This version of Hobbit Monitor is prone to a flaw that lets remote attackers use the 'config' command to access confidential files. To exploit this issue, the attacker would connect to the Hobbit application (typically on port 1984) and send a 'config ../../../../../<filename>' request. Successful exploitation would result in the attacker gaining access to confidential data.
Solution: Upgrade to version 4.1.2p2 or higher.
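
The traversal described above can be recognised in captured traffic by resolving the filename of each 'config' request against the configuration directory and checking whether it lands outside it. This is an added example, not part of the plugin or of Hobbit Monitor; `CONFIG_DIR`, the function names and the sample records are assumptions constructed for illustration.

```python
import posixpath

# Assumed configuration directory (hypothetical; set to the server's real one).
CONFIG_DIR = "/opt/monitor/etc"

def config_argument(message):
    """Return the filename of a 'config <filename>' request, or None."""
    parts = message.strip().split(None, 1)
    if len(parts) == 2 and parts[0] == "config":
        return parts[1]
    return None

def escapes_config_dir(filename, base=CONFIG_DIR):
    """True if filename, resolved lexically against base, lands outside base."""
    if "\x00" in filename:
        return True
    # join() discards base when filename is absolute, so that case is caught too.
    resolved = posixpath.normpath(posixpath.join(base, filename))
    return not resolved.startswith(base.rstrip("/") + "/")

def flag_requests(records):
    """records: iterable of (source, message); return the suspicious ones."""
    flagged = []
    for source, message in records:
        name = config_argument(message)
        if name is not None and escapes_config_dir(name):
            flagged.append((source, name))
    return flagged

# Constructed sample traffic (documentation addresses, made-up file names).
SAMPLE = [
    ("192.0.2.10", "config example.cfg"),
    ("192.0.2.66", "config ../../../../../some/private.file"),
    ("192.0.2.67", "config sub/../../../outside.cfg"),
    ("192.0.2.68", "config /absolute/path.cfg"),
    ("192.0.2.11", "other-command ../not-a-config-request"),
]

if __name__ == "__main__":
    for source, name in flag_requests(SAMPLE):
        print(f"traversal attempt from {source}: {name!r}")
```

The check is lexical only; it does not follow symbolic links, so it suits log or capture review rather than server-side enforcement.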