Executive Summary
Summary | |
---|---|
Title | HP StorageWorks P2000 G3 directory traversal vulnerability |
Informations | |||
---|---|---|---|
Name | VU#885499 | First vendor Publication | 2012-02-20 |
Vendor | VU-CERT | Last vendor Modification | 2012-03-02 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#885499HP StorageWorks P2000 G3 directory traversal vulnerabilityOverviewHP StorageWorks P2000 G3 contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information.I. DescriptionHP StorageWorks P2000 G3 contains an embedded webserver which is vulnerable to a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information.This vulnerability was also reported to ZDI by another researcher and was disclosed publicly. II. ImpactA remote unauthenticated attacker could obtain sensitive information.III. SolutionApply Update
Referenceshttp://www.zerodayinitiative.com/advisories/ZDI-12-015/ CreditThanks to Thomas Leonardo of The Cooperative Bank for reporting this vulnerability. This document was written by Michael Orlando. Other Information
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify |
Original Source
Url : http://www.kb.cert.org/vuls/id/885499 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2012-02-21 | Name : HP StorageWorks Default Accounts and Directory Traversal Vulnerabilities File : nvt/gb_hp_storageworks_51399.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78307 | HP StorageWorks P2000 G3 URI Traversal Arbitrary File Access |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
1999-11-05 | Name : The remote web server is affected by a directory traversal vulnerability. File : web_traversal.nasl - Type : ACT_ATTACK |