Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiRgodZDI-16-406
HistoryJul 07, 2016 - 12:00 a.m.

Novell NetIQ Sentinel Server ReportViewServlet fileName Directory Traversal Information Disclosure Vulnerability

2016-07-0700:00:00
rgod
www.zerodayinitiative.com
7

0.259 Low

EPSS

Percentile

96.7%

JSON

This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Novell NetIQ Sentinel Server. Authentication is required to exploit this vulnerability but it can be bypassed using a separate flaw within the LogonFormController. The specific flaw exists within the ReportViewServlet servlet. When fileType is specified as “PREVIEW”, the fileName parameter is vulnerable to directory traversal. An attacker could leverage this vulnerability to read the content of arbitrary files from the system.

Related

openvas 1
checkpoint_advisories 2
cve 1
cvelist 1
prion 1
nvd 1
openvas
openvas
NetIQ Sentinel Server Authentication Bypass and Arbitrary File Download
2016-08-03 00:00:00
checkpoint_advisories
checkpoint_advisories
Micro Focus NetIQ Sentinel Server ReportViewServlet Directory Traversal (CVE-2016-1605)
2016-09-15 00:00:00
Micro Focus NetIQ Sentinel Server SentinelContext Authentication Bypass (CVE-2016-1605)
2016-09-18 00:00:00
cve
cve
CVE-2016-1605
2016-08-01 02:59:01
cvelist
cvelist
CVE-2016-1605
2016-08-01 01:00:00
prion
prion
Directory traversal
2016-08-01 02:59:00
nvd
nvd
CVE-2016-1605
2016-08-01 02:59:01

0.259 Low

EPSS

Percentile

96.7%

JSON
Related for ZDI-16-406
openvas1checkpoint_advisories2cve1cvelist1prion1nvd1