Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.8
CVE Id CVE-2007-5413
Last Modified 12 May 2011 12:00:00
Published 29 Oct 2007 06:46:00
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5413

Summary

httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.

Vulnerable Systems

Application

  • HP OpenView Client Configuration Manager 2.0

  • HP OpenView Configuration Management 4.0

  • HP OpenView Configuration Management 4.1

  • HP OpenView Configuration Management 4.2

  • HP OpenView Configuration Management 4.2i


References

HP - SSRT071298

XF - hpopenview-cm-ccm-unauthorized-access(37400)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-060.html

VUPEN - ADV-2007-3620

SECTRACK - 1018858

BUGTRAQ - 20071031 ZDI-07-060: HP OpenView Radia Integration Server File System Exposure Vulnerability

SECUNIA - 27341

OSVDB - 39528

HP - HPSBMA02279


Last Updated: 27 May 2016 10:47:28