Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5028

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2011-5028
Last Modified 14 Feb 2013 11:51:49
Published 29 Dec 2011 05:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-5028

Summary

Directory traversal vulnerability in novelllogmanager/FileDownload in Novell Sentinel Log Manager 1.2.0.1_938 and earlier, as used in Novell Sentinel before 7.0.1.0, allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.

Vulnerable Systems

Application

  • Novell Sentinel Log Manager 1.2.0.1 938


References

XF - novell-filedownload-dir-traversal(71861)

SECTRACK - 1026437

SECUNIA - 47258

FULLDISC - 20111218 Novell Sentinel Log Manager <=1.2.0.1 Path Traversal

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5138757.html

OSVDB - 77948

SECUNIA - 48760


Last Updated: 27 May 2016 10:57:17