HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability
Severity: : High
CVE Kennungen: : CVE-2011-1736
Advisory Date: 21 lipca 2015
DESCRIPTION
Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1004675
Trend Micro Deep Security DPI Rule Name: 1004675 - HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability
AFFECTED SOFTWARE AND VERSION:
- hp openview_storage_data_protector 6.00
- hp openview_storage_data_protector 6.10
- hp openview_storage_data_protector 6.11