
Hobbit Monitor < 4.1.2p2 config Command Traversal Arbitrary File Access

Medium

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running Hobbit Monitor, a web-based host and network monitoring application. This version of Hobbit Monitor is affected by a directory traversal flaw in the 'config' command that allows remote attackers to access confidential files. To exploit this issue, an attacker would connect to the Hobbit application (typically on port 1984) and send a 'config ../../../../../<filename>' request. Successful exploitation would give the attacker access to confidential data.
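The check that a 'config <filename>' handler needs, and that a log reviewer can reuse to flag such requests, is sketched below as an added example; it is not Hobbit's code. The root directory, function names and sample messages are assumptions made for illustration.

```python
import posixpath

# Assumed placeholder: the directory config files are meant to be served from.
CONFIG_ROOT = "/srv/monitor/etc"

def resolve_config_request(message, root=CONFIG_ROOT):
    """Return the normalized path a 'config <filename>' message refers to,
    or None if it is not a config request or would leave `root`."""
    parts = message.strip().split(None, 1)
    if len(parts) != 2 or parts[0] != "config":
        return None
    name = parts[1]
    # Absolute paths and NUL bytes are never valid file names here.
    if name.startswith("/") or "\x00" in name:
        return None
    root = posixpath.normpath(root)
    # Lexical normalization collapses "." and ".." components.
    # It does not follow symlinks; a server would also need realpath().
    candidate = posixpath.normpath(posixpath.join(root, name))
    # Compare on a component boundary so a sibling such as
    # "/srv/monitor/etc-old" does not pass a bare prefix test.
    if not candidate.startswith(root + "/"):
        return None
    return candidate

def flag_traversal(messages, root=CONFIG_ROOT):
    """Return the config requests in `messages` that fail the check."""
    return [m for m in messages
            if m.split(None, 1)[:1] == ["config"]
            and resolve_config_request(m, root) is None]

# Constructed sample messages (file names are made up for illustration).
SAMPLE = [
    "config hosts.cfg",
    "config ../../../../../some/file",
    "config sub/../hosts.cfg",
    "config ../etc-old/secret",
    "config /abs/path",
    "status host.test green",
]

if __name__ == "__main__":
    for msg in flag_traversal(SAMPLE):
        print("traversal attempt:", msg)
```
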

Solution

Upgrade to version 4.1.2p2 or higher.