Preemptive Protection against EMC Navisphere Manager Directory Traversal Vulnerability
| Attack ID: | CPAI-2005-114 |
| Publish Date: | |
| Category: | Directory Traversal |
| Vulnerable Systems: | Navisphere Manager Base version 6.4.1.0.0 |
| Source: | iDEFENSE Security Advisory 08.05.05 |
| Description: | EMC Navisphere is storage management software that provides central management of EMC CLARiiON storage. A directory traversal vulnerability exists in Navisphere Manager that could allow an attacker to retrieve arbitrary files and directory listings from a system running Navisphere Manager. Successful exploitation allows remote attackers to gain access to files on the target system. |
| Severity: | |
| Details: | The vulnerability exists due to a lack of validation of HTTP requests. If successfully exploited, this vulnerability could grant an attacker access to files located outside of the permitted directory structure. |
| Attack Detection: | Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of Connectra who have applied the solution outlined below will identify attack attempts by the following SmartView Log entry: Information: reason: WSE0090001 directory traversal overflow |
| Solution: | Users of VPN-1 NG with Application Intelligence R55W and users of VPN-1 NGX R60 who have applied the solution outlined in CPAI-2005-25 are preemptively protected against this vulnerability. |
| Industry Reference: | CAN-2005-2357 |
| Additional Information: | |
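
The Details field attributes the flaw to missing validation of HTTP requests. As an added illustration (not code from the advisory, EMC or Check Point), the Python sketch below shows the kind of server-side check that keeps a requested path inside a permitted directory; the document root `/srv/www`, the function names and the sample requests are assumptions constructed for the example.

```python
import posixpath
from urllib.parse import unquote, urlsplit

DOC_ROOT = "/srv/www"  # assumed document root, not taken from the advisory


class TraversalError(ValueError):
    """Raised when a request target does not map inside the document root."""


def resolve_request_path(request_target, doc_root=DOC_ROOT):
    """Map an HTTP request target to a path under doc_root, or raise."""
    # Validate the decoded form: the file system sees it, not the raw bytes.
    path = unquote(urlsplit(request_target).path)
    if "\x00" in path or "\\" in path:
        raise TraversalError("illegal character in path")
    if "%" in path:
        # Conservative policy: refuse anything still encoded after one pass,
        # so a later decoding step cannot reintroduce '..' segments.
        raise TraversalError("nested percent-encoding")
    root = posixpath.normpath(doc_root)
    # Collapse '.' and '..' first, then test containment on the result.
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        raise TraversalError("path escapes document root")
    # Purely lexical check: on a real file system also resolve symlinks
    # (os.path.realpath) before comparing against the root.
    return candidate


def classify(request_targets, doc_root=DOC_ROOT):
    """Return {target: resolved path, or 'REJECTED: <reason>'}."""
    results = {}
    for target in request_targets:
        try:
            results[target] = resolve_request_path(target, doc_root)
        except TraversalError as exc:
            results[target] = "REJECTED: " + str(exc)
    return results


# Constructed sample request targets, for illustration only.
SAMPLES = ["/index.html", "/docs/../index.html", "/a/../../etc/passwd",
           "/..%2f..%2fetc/passwd", "/%252e%252e/etc/passwd"]

if __name__ == "__main__":
    for target, outcome in classify(SAMPLES).items():
        print(f"{target!r:32} -> {outcome}")
```
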