Update Protection against HP Intelligent Management Center Reporting Information Disclosure Vulnerability
| Check Point Reference: | CPAI-2010-222 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA39891 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? HP Intelligent Management Center prior to 3.3 SP2 (R2606P13) | ||
| Vulnerability Description An information disclosure vulnerability has been reported in HP Intelligent Management Center (IMC). HP 3Com IMC is a modular management system designed to integrate the management of devices, services and users. A remote unauthenticated attacker could exploit this issue to view the file contents of arbitrary files on a target system. This may lead to disclosure of sensitive information. |
||
|
Update/Patch Available Apply patch: Intelligent Management Center v3.3 SP2 (R2606P13) |
|
|
Vulnerability Details The vulnerability is due to an error in the Intelligent Management Center that fails to sufficiently validate input when processing HTTP request parameters. Using directory traversal characters, a remote attacker may leverage this vulnerability to gain access to sensitive information. Successful exploitation of this issue will allow the attacker to gain access to restricted files. |
Protection Overview
This protection will detect and block crafted HTTP requests sent to the vulnerable system.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection taband select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.