HTTP: IBM Global Console Managers Arbitrary File Download

This signature detects attempts to exploit a known vulnerability against IBM Global Console Manager. A successful attack can allow an attacker to view arbitrary files within the context of the application.

Extended Description

prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.

Affected Products

Ibm global_console_manager_32_firmware

References

BugTraq: 68779

CVE: CVE-2014-3081

Short Name
HTTP:MISC:IBM-CONSOLE-FILE-READ
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary CVE-2014-3081 Console Download File Global IBM Managers bid:68779
Release Date
02/04/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Ibm

CVSS Score

6.3

Found a potential security threat?