Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-1736 | First vendor Publication | 2011-05-07 |
Vendor | Cve | Last vendor Modification | 2018-10-09 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 7.8 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1736 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72195 | HP OpenView Storage Data Protector Backup Client Service OmniInet.exe GET_FIL... HP OpenView Storage Data Protector contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the Backup Client Service, OmniInet.exe, not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via GET_FILE messages. This directory traversal attack would allow the attacker to access arbitrary files. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | HP OpenView Storage Data Protector directory traversal attempt RuleID : 20531 - Revision : 9 - Type : SERVER-WEBAPP |
2014-01-10 | HP OpenView Storage Data Protector directory traversal attempt RuleID : 20530 - Revision : 9 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-05-10 | Name : The backup service running on the remote host is affected by multiple vulnera... File : hp_data_protector_multiple_code_exec.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:14:24 |
|
2021-04-22 01:15:39 |
|
2020-05-23 00:28:24 |
|
2018-10-10 00:19:43 |
|
2017-08-17 09:23:31 |
|
2016-06-28 18:38:36 |
|
2016-04-26 20:43:39 |
|
2014-02-17 11:02:02 |
|
2014-01-19 21:27:46 |
|
2013-05-10 22:59:37 |
|