APP: HP Intelligent Management Center Reporting Information Disclosure

This signature detects attempts to exploit a known information disclosure vulnerability in HP Intelligent Management Center. It is due to insufficient input validation when processing HTTP request parameters. Using directory traversal characters, a remote unauthenticated attacker can leverage this to view the file contents of arbitrary files on a target system.

Extended Description

3Com Intelligent Management Center is prone to multiple directory-traversal, cross-site scripting, and information-disclosure vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to traverse through arbitrary directories and gain access to sensitive information, view local files in the context of the webserver process, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 3Com Intelligent Management Center 3.3 SP1 and 3.3.9 are vulnerable; other versions may also be affected.

Affected Products

3com intelligent_management_center_(imc)

Short Name
APP:HPOV:INT-MGMT-CTR-DIRTRAV
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Center Disclosure HP Information Intelligent Management Reporting bid:40298
Release Date
10/07/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

3com

Found a potential security threat?