VM Turbo Operations Manager Directory Traversal Vulnerability Network Vulnerability

Summary

This host is installed with Turbo Operations Manager and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attackers to perform directory traversal attacks and read arbitrary files on the affected application. Impact Level: Application

Solution

Upgrade to VM Turbo Operations Manager 4.6 or later, For updates refer to http://go.vmturbo.com/cloud-edition-download.html

Insight

Input passed to the 'xml_path' parameter in '/cgi-bin/help/doIt.cgi' is not properly sanitised before being used to get the contents of a resource.

Affected

VM Turbo Operations Manager 4.5.x and earlier

Detection

Send a crafted HTTP GET request and check whether it is able read the system files to execute or not.

References

http://www.securityfocus.com/archive/1/532061
https://support.vmturbo.com/hc/en-us/articles/203170127-VMTurbo-Operations-Manager-v4-6-Announcement

Updated on 2017-03-28

Severity

Classification

CVE CVE-2014-3806
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability

Take action and discover your vulnerabilities