Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1736

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2011-1736
Last Modified 06 Sep 2011 11:16:29
Published 07 May 2011 03:55:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1736

Summary

Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.

Vulnerable Systems

Application

  • Hp Openview Storage Data Protector 6.00

  • Hp Openview Storage Data Protector 6.10

  • Hp Openview Storage Data Protector 6.11


References

MISC - http://zerodayinitiative.com/advisories/ZDI-11-152/

XF - openview-data-code-exec(67209)

SECTRACK - 1025454

BID - 47638

BUGTRAQ - 20110429 ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability

SECUNIA - 44402

OSVDB - 72195

HP - SSRT100474

HP - HPSBMA02668


Last Updated: 27 May 2016 10:56:25