Summary
This host is installed with ManageEngine
OpManager and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers
to upload arbitrary files and execute the script within the file with the privileges of the web server, manipulate SQL queries in the backend database, and disclose certain sensitive information.
Impact Level: Application
Solution
Apply the patch from the given link,
https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability
Insight
Multiple flaws are due to,
- /servlet/MigrateLEEData script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') supplied via the 'fileName' parameter.
- /servlet/MigrateCentralData script not properly sanitizing user input, specifically path traversal style attacks (e.g. '../') supplied via the 'zipFileName' parameter.
- /servlet/APMBVHandler script not properly sanitizing user-supplied input to the 'OPM_BVNAME' POST parameter.
- /servlet/DataComparisonServlet script not properly sanitizing user-supplied input to the 'query' POST parameter.
Affected
ManageEngine OpManager version 11.3/11.4
Detection
Send a crafted request via HTTP GET and
check whether it is able to execute sql query or not.
References
- http://osvdb.org/114479
- http://osvdb.org/114480
- http://osvdb.org/114481
- http://osvdb.org/114482
- http://www.exploit-db.com/exploits/35209
- https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability
- https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-7866, CVE-2014-7868 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities