Absolute path traversal vulnerability in Novell File Reporter (Linux)ID: oval:org.secpod.oval:def:7940 | Date: (C)2012-11-21 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Novell File Reporter 1.0.2 and is prone to absolute path traversal vulnerability. A flaw is present in the application, which fails to handle requests on "/FSF/CMD" for records with NAME "SRS", OPERATION "4" and CMD "103". Successful exploitation allows remote attackers to read arbitrary files via a /FSF/CMD request with a full pathname in a PATH element of an SRS record.
Product: |
Novell File Reporter |