HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2011-1736
Date du conseil: 21 juillet 2015
Description
Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1004675
Trend Micro Deep Security DPI Rule Name: 1004675 - HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability
Affected software and version:
- hp openview_storage_data_protector 6.00
- hp openview_storage_data_protector 6.10
- hp openview_storage_data_protector 6.11