Summary
This host is installed with Turbo Operations Manager and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to perform directory traversal attacks and read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade to VM Turbo Operations Manager 4.6 or later. For updates, refer to http://go.vmturbo.com/cloud-edition-download.html
Insight
Input passed to the 'xml_path' parameter in '/cgi-bin/help/doIt.cgi' is not properly sanitised before being used to get the contents of a resource.
Affected
VM Turbo Operations Manager 4.5.x and earlier
Detection
Send a crafted HTTP GET request and check whether it is able to read system files.
Severity
Classification
- CVE: CVE-2014-3806
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N