IBM developerWorks ncp 2.1 Remote Information Disclosure

2012.07.01
Credit: BugsNotHugs
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

http://www.ibm.com/developerworks/systems/articles/free_tools/index.html Can visit ncp pages and get info without authentication! http://target:8282/ gives version http://target:8282/real/lsconf.html detailed config info including: System Model Machine Serial Number Processor Type Number of Processors Processor Clock Speed CPU Type Kernel Type LAPR Info Memory Size Firmware Version Console Login (if enabled or not) Auto Restart status Host Name Gateway IP Name Server Domain Name Volume Group Info http://target:8282/real.html Graphs for host File System Use CPU Utilisation (User+System)

References:

http://www.ibm.com/developerworks/systems/articles/free_tools/index.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top