Compaq Management Agents Web File ...

- AV AC AU C I A
发布: 1999-05-25
修订: 2018-10-17

A vulnerability in the Compaq Management Agents and the Compaq Survey Utility when running as an agent allows remote malicious users to steal local files. All Compaq Server and Client Management Agents version 4.0 or later are vulnerable. All Compaq Survey Utility versions 2.0 or later are vulnerable. Compaq's Insight Manger a comprehensive management tool to monitor and control the operation of Compaq servers and clients and DIGITAL X86 and Alpha-based servers. One of its features is web acess to its device and configuration information via a built-in web server in the agents. Insight Manager is available for several platforms including Windows NT and Netware. The web server in the agents fails to check whether requested files fall outside its document tree (by using ".." in the URL). Thus attackers can retrieve files in the same drives as that on which the software resides if they know or can get it's filename. The web server listens on port 2301. By default the only user ...

0%
当前有1条漏洞利用/PoC
产品及版本信息(CPE)暂不可用