Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title ManageEngine ServiceDesk directory traversal vulnerability
Informations
Name VU#543310 First vendor Publication 2011-06-27
Vendor VU-CERT Last vendor Modification 2011-06-27
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#543310

ManageEngine ServiceDesk directory traversal vulnerability

Overview

ManageEngine ServiceDesk contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information.

I. Description

ManageEngine ServiceDesk Plus 8.0, and possibly prior versions, contains a directory traversal vulnerability in the FileDownload.jsp page caused by an input validation error when handling requests. Additionally, ServiceDesk Plus 8.0 fails to verify that requests to the FileDownload.jsp page originate from an authenticated user. An unauthenticated attacker can exploit these vulnerabilities via directory traversal specifiers sent in a specially crafted request to the FileDownload.jsp page.

II. Impact

A remote unauthenticated attacker could obtain sensitive information.

III. Solution

Apply an Update

ManageEngine recommends users update to ManageEngine Service Desk Build 8012 or later.

Vendor Information

VendorStatusDate NotifiedDate Updated
ZohoAffected2011-05-162011-06-22

References

http://www.manageengine.com/products/service-desk/service-packs.html

Credit

Thanks to Keith Lee Yong Ming for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

Date Public:2011-06-21
Date First Published:2011-06-27
Date Last Updated:2011-06-27
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Severity Metric:2.43
Document Revision:10

Original Source

Url : http://www.kb.cert.org/vuls/id/543310

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-287 Improper Authentication
50 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
74348 ManageEngine ServiceDesk Plus FileDownload.jsp Unauthenticated Remote File Ac...
73310 ManageEngine ServiceDesk Plus workorder/FileDownload.jsp FILENAME Parameter T...

ManageEngine ServiceDesk Plus contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the workorder/FileDownload.jsp script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'FILENAME' parameter. This directory traversal attack would allow the attacker to access arbitrary files.

Nessus® Vulnerability Scanner

Date Description
2011-06-28 Name : The remote web server is prone to a directory traversal attack.
File : manageengine_servicedesk_FILENAME_traversal.nasl - Type : ACT_ATTACK

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:07:56
  • Multiple Updates