HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability
Severity: HIGH
CVE Identifier: CVE-2011-1736
Advisory Date: JUL 21, 2015
DESCRIPTION
Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1004675
Trend Micro Deep Security DPI Rule Name: 1004675 - HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability
AFFECTED SOFTWARE AND VERSION
- hp openview_storage_data_protector 6.00
- hp openview_storage_data_protector 6.10
- hp openview_storage_data_protector 6.11