CVE-2011-0345

Sažetak

Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.

Reference

http://seclists.org/fulldisclosure/2011/Mar/8
http://secunia.com/advisories/43507
http://securityreason.com/securityalert/8122
http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf
http://www.securityfocus.com/archive/1/516768/100/0/threaded
http://www.securityfocus.com/bid/46624
http://www.vupen.com/english/advisories/2011/0548
https://exchange.xforce.ibmcloud.com/vulnerabilities/65848

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

10-10-2018 - 20:09

Objavljeno

08-03-2011 - 21:59