Signature Detail
Short Name |
APP:NOVELL:ZENWORKS-MOBILE-LFI |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Novell Zenworks Mobile Device Managment Local File Inclusion |
Release Date |
2013/06/20 |
Update Number |
2275 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Novell Zenworks Mobile Device Managment Local File Inclusion
This signature detects attempts to exploit a known local file inclusion vulnerability in the Novell Zenworks Mobile Device Managment. It is due to insufficient validation of user-supplied input. A successful attack can result in arbitrary code execution and loss of sensitive information.
Extended Description
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
Affected Products
- novell zenworks_mobile_management 2.6.1
- novell zenworks_mobile_management 2.7.0
References
- CVE: CVE-2013-1081