Short Name | APP:NOVELL:ZENWORKSCM-DIRTRVRSL |
---|---|
Severity | Major |
Recommended | No |
Recommended Action | Drop |
Category | APP |
Keywords | Novell ZENworks Configuration Management newDocumentWizard Directory Traversal |
Release Date | 2013/06/11 |
Update Number | 2271 |
Supported Platforms | idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in Novell ZENworks Configuration Management. The vulnerability is due to insufficient input validation within the ZENworks Server's newDocumentWizard. Successful exploitation could allow an attacker to execute arbitrary code on the vulnerable system with Administrator privileges.

The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443.