EMC Navisphere Manager 6.x - Directory Traversal / Information Disclosure

EDB-ID:

26101

Author:

anonymous

Type:

remote

Platform:

Linux

Published:

2005-08-05

source: http://www.securityfocus.com/bid/14487/info

EMC Navisphere Manager is affected by directory traversal and information disclosure vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

A remote unauthorized user can disclose the contents of arbitrary local files through the use of directory traversal strings '../'. An attacker can also obtain the contents of arbitrary directories by appending a '.' to the end of a request. Exploitation of these vulnerabilities could lead to a loss of confidentiality and information disclosure. 

http://www.example.com/../../../../../../../EMC/NAVISPHERE/common/log/navimon.log
http://www.example.com/.