Lucene search

MitreCVE-2011-0345

HistoryMar 08, 2011 - 9:59 p.m.

CVE-2011-0345

2011-03-0821:59:33

CWE-22

mitre

web.nvd.nist.gov

cve-2011-0345

nms server

alcatel-lucent

omnivista 4760

directory traversal

http get requests

security vulnerability

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.007

Percentile

79.7%

JSON

Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.

Affected configurations

Nvd

Node

alcatel-lucentomnivistaRange≤4760_r5.1.06.03

alcatel-lucentomnivistaMatch4760_r5.0.07.05

VendorProductVersionCPE
alcatel-lucentomnivista*cpe:2.3:a:alcatel-lucent:omnivista:*:*:*:*:*:*:*:*
alcatel-lucentomnivista4760_r5.0.07.05cpe:2.3:a:alcatel-lucent:omnivista:4760_r5.0.07.05:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alcatel-lucent	omnivista	*	cpe:2.3:a:alcatel-lucent:omnivista::::::::
alcatel-lucent	omnivista	4760_r5.0.07.05	cpe:2.3:a:alcatel-lucent:omnivista:4760_r5.0.07.05:::::::*

References

seclists.org/fulldisclosure/2011/Mar/8

secunia.com/advisories/43507

securityreason.com/securityalert/8122

www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf

www.securityfocus.com/archive/1/516768/100/0/threaded

www.securityfocus.com/bid/46624

www.vupen.com/english/advisories/2011/0548

exchange.xforce.ibmcloud.com/vulnerabilities/65848

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.007

Percentile

79.7%

JSON

Related for CVE-2011-0345