Novell ZENworks umaninv Information Disclosure Vulnerability - CVE-2013-1084
This document (7012760) is provided subject to the disclaimer at the end of this document.
A change was added to block access to files using a relative path in the URL.
For Example: By issuing the request: http://22.214.171.124/zenworks-unmaninv/?action=GetFile&Filename=../../catalog.ini&Type=4&Platform=11&Lang=0 the catalog.ini file could be downloaded.
List of binaries modified zenworks-unmaninv.war
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7012760
- Creation Date:02-JUL-13
- Modified Date:16-JAN-14
- NovellZENworks Configuration Management
Did this document solve your problem? Provide Feedback