CVE-2007-5413

httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securitytracker.com/id?1018858
http://secunia.com/advisories/27341	Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-060.html
http://osvdb.org/39528
http://www.vupen.com/english/advisories/2007/3620	Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01205079
https://exchange.xforce.ibmcloud.com/vulnerabilities/37400
http://www.securityfocus.com/archive/1/483106/100/100/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:openview_client_configuraton_manager:2.0::windows:::::
	cpe:2.3:a:hp:openview_configuration_management:4.0::aix:::::
	cpe:2.3:a:hp:openview_configuration_management:4.1::linux:::::
	cpe:2.3:a:hp:openview_configuration_management:4.1::solaris:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2i::aix:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2i::hpux:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2i::linux:::::
	cpe:2.3:a:hp:openview_configuration_management:4.1::aix:::::
	cpe:2.3:a:hp:openview_configuration_management:4.1::hpux:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2::solaris:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2::windows:::::
	cpe:2.3:a:hp:openview_configuration_management:4.0::linux:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2i::windows:::::
	cpe:2.3:a:hp:openview_configuration_management:4.1::windows:::::
	cpe:2.3:a:hp:openview_configuration_management:4.0::windows:::::
	cpe:2.3:a:hp:openview_configuration_management:4.0::solaris:::::
	cpe:2.3:a:hp:openview_configuration_management:4.0::hpux:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2::linux:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2i::solaris:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2::hpux:::::
	cpe:2.3:a:hp:openview_configuration_management:4.2::aix:::::

Information

Published : 2007-10-29 15:46

Updated : 2018-10-15 14:44

NVD link : CVE-2007-5413

Mitre link : CVE-2007-5413

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

openview_configuration_management
openview_client_configuraton_manager

7.8 /10