BID:23097

ManageEngine Firewall Analyzer Arbitrary Files Information Disclosure Vulnerability

Info

ManageEngine Firewall Analyzer Arbitrary Files Information Disclosure Vulnerability

Bugtraq ID:	23097
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 22 2007 12:00AM
Updated:	Mar 30 2007 04:53PM
Credit:	yearsilent is credited with the discovery of this vulnerability.
Vulnerable:	ManageEngine Firewall Analyzer 4

Not Vulnerable:	ManageEngine Firewall Analyzer 4 Build 4030

Discussion

ManageEngine Firewall Analyzer Arbitrary Files Information Disclosure Vulnerability

ManageEngine Firewall Analyzer is prone to a remote information-disclosure vulnerability.

A remote authenticated attacker can leverage this issue to access sensitive data. Information obtained could aid in further attacks.

Exploit / POC

ManageEngine Firewall Analyzer Arbitrary Files Information Disclosure Vulnerability

Remote authenticated attackers may exploit this issue via a browser.

Solution / Fix

ManageEngine Firewall Analyzer Arbitrary Files Information Disclosure Vulnerability

Solution:
The vendor has released Build 4030 to address this issue. Please contact the vendor for details on obtaining and applying the appropriate updates.

References

ManageEngine Firewall Analyzer Arbitrary Files Information Disclosure Vulnerability

References:

ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user (yearsilent)
Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user ([email protected])
Re: ManageEngine Firewall Analyzer arbitrary file disclosure to authorized user (ManageEngine)
ManageEngine Homepage (ManageEngine)