Short Name |
APP:NOVELL:REPORTER-FSFUI |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Novell File Reporter FSFUI Arbitrary File Retrieval |
Release Date |
2013/08/04 |
Update Number |
2287 |
Supported Platforms |
idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vsrx-12.1+ |
This signature detects a known vulnerability against Novell File Reporter. It is caused by insufficient authentication when handling SRS requests. An remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted request to the server. Successful exploitation could result in arbitrary file retrieval with SYSTEM privileges.
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to read arbitrary files via a 126 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.