ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user

2007.03.30

Credit: yearsilent

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2007-1642

CWE: CWE-noinfo

Ogólna skala CVSS: 4/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 8/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Jednorazowa

Wpływ na poufność: Częściowy

Wpływ na integralność: Brak

Wpływ na dostępność: Brak

"ManageEngine Firewall Analyzer is a web based firewall monitoring and log analysis tool that collects, analyses, and reports information on enterprise-wide firewalls, proxy servers, and radius servers. "

a authorized user to the "firewall analyzer" can access any common file on the system, it is should not be allowded

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.