TFTP Directory Permissions (HP Ignite-UX) Network Vulnerability

Summary

The remote host has a vulnerable version of the HP Ignite-UX application installed that exposes a world-writeable directory to anonymous TFTP access.

Solution

Upgrade to a version of the Ignite-UX application that does not exhibit this behaviour. If it is not required, disable or uninstall the TFTP server. Otherwise restrict access to trusted sources only.

References

http://www.corsaire.com/advisories/c041123-002.txt

Updated on 2015-03-25

Severity

Classification

CVE CVE-2004-0952
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Apache Tomcat servlet/JSP container default files
Apple Safari Multiple Vulnerabilities
Apple Mac OS X Authentication Bypass Vulnerability
Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
aMSN session hijack vulnerability (Windows)

TFTP directory permissions (HP Ignite-UX)

Take action and discover your vulnerabilities