Short Name |
HTTP:MISC:IBM-CONSOLE-FILE-READ |
---|---|
Severity |
Minor |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IBM Global Console Managers Arbitrary File Download |
Release Date |
2015/02/04 |
Update Number |
2463 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against IBM Global Console Manager. A successful attack can allow an attacker to view arbitrary files within the context of the application.
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.