Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-07-060
HistoryOct 31, 2007 - 12:00 a.m.

Hewlett-Packard OpenView Radia Integration Server File System Exposure Vulnerability

2007-10-3100:00:00
Anonymous
www.zerodayinitiative.com
17

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.017 Low

EPSS

Percentile

87.5%

JSON

This vulnerability allows remote attackers to access arbitrary files on systems with vulnerable installations of Hewlett-Packard OpenView Radia Integration Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP server bound by default to TCP port 3465. Insufficient checks on URLs containing paths such as ‘~root’ allows attackers to access arbitrary files in the underlying OS. Accessing configuration files that contain LDAP and database credentials can lead to further compromise.

Related

securityvulns 4
cve 1
prion 1
securityvulns
securityvulns
HP OpenView Radia Integration Server directory traversal
2007-11-02 00:00:00
HPSBMA02279 SSRT071298 rev.1 - HP OpenView Configuration Management (CM) Infrastructure (Radia) and Client Configuration Manager (CCM) Running httpd.tkd, Remote Unauthorized Access to Data
2007-10-24 00:00:00
HP OpenView unauthorized access
2007-10-24 00:00:00
cve
cve
CVE-2007-5413
2007-10-29 22:46:00
prion
prion
Design/Logic Flaw
2007-10-29 22:46:00

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.017 Low

EPSS

Percentile

87.5%

JSON
Related for ZDI-07-060
securityvulns4cve1prion1