HTTP: Novell Sentinel Log Manager Filename Parameter Directory Traversal

This signature detects attempts to exploit a known vulnerability against Novell Log Manager. A successful exploit can result in a reading arbitrary files.

Extended Description

Sentinel Log Manager is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Successfully exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. Sentinel Log Manager versions 1.2.0.1 and prior are vulnerable.

Affected Products

Novell sentinel_log_manager

References

BugTraq: 51104

CVE: CVE-2011-5028

Short Name
HTTP:NOVELL:FILENAME-PARAM-DT
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2011-5028 Directory Filename Log Manager Novell Parameter Sentinel Traversal bid:51104
Release Date
02/09/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Novell

CVSS Score

4.0

Found a potential security threat?