HTTP: Novell ZENWorks Asset Management rtrlet Component Information Disclosure

This signature detects attempts to exploit an information disclosure vulnerability in Novell ZENworks Asset Management. Due to insufficient sanitization of user input, attackers can gain access to arbitrary files on the targeted system.

Extended Description

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.

Affected Products

Novell zenworks_asset_management

References

BugTraq: 55933

CVE: CVE-2012-4933

Short Name: HTTP:NOVELL:ZENWORKS-INFODISC
Severity: Minor
Recommended: False
Recommended Action: Drop
Category: HTTP
Keywords: Asset CVE-2012-4933 Component Disclosure Information Management Novell ZENWorks bid:55933 rtrlet
Release Date: 10/17/2012
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

Novell

CVSS Score

7.8
