ManageEngine Firewall Analyzer Unspecified Vulnerability

Vulnerability ID: 1191225 | Vulnerability type: Design error
Published: 2007-03-23 | Updated: 2007-04-10
CVE ID: CVE-2007-1642 | CNNVD-ID: CNNVD-200703-576
Affected platform: N/A | CVSS score: 4.0
|Vulnerability Source
https://cxsecurity.com/issue/WLB-2007030177
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-576
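|Vulnerability Details
An unspecified vulnerability exists in ManageEngine Firewall Analyzer. A remote authenticated user can access arbitrary common files via a direct URL request.
|Vulnerability EXP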
"ManageEngine Firewall Analyzer is a web based firewall monitoring and log analysis tool that collects, analyses, and reports information on enterprise-wide firewalls, proxy servers, and radius servers. "

An authorized user of the "firewall analyzer" can access any common file on the system; it should not be allowed.
|References

Source: XF
Name: manageengine-unspecified-info-disclosure(33319)
Link: http://xforce.iss.net/xforce/xfdb/33319
Source: BID
Name: 23097
Link: http://www.securityfocus.com/bid/23097
Source: BUGTRAQ
Name: 20070330 Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user
Link: http://www.securityfocus.com/archive/1/archive/1/464271/100/0/threaded
Source: BUGTRAQ
Name: 20070329 Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user
Link: http://www.securityfocus.com/archive/1/archive/1/464154/100/0/threaded
Source: BUGTRAQ
Name: 20070322 ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user
Link: http://www.securityfocus.com/archive/1/archive/1/463509/100/0/threaded
Source: SREASON
Name: 2479
Link: http://securityreason.com/securityalert/2479
Source: SECUNIA
Name: 24707
Link: http://secunia.com/advisories/24707
Source: OSVDB
Name: 34525
Link: http://osvdb.org/34525