Check Point Reference: | CPAI-2011-107 |
Date Published: | 18 Feb 2011 |
Severity: | Critical |
Last Updated: | Saturday 01 January, 2011 |
Source: | Secunia Advisory SA41687 |
Protection Provided by: | |
Who is Vulnerable? | Novell iManager 2.7.3.2 and prior |
Vulnerability Description | A vulnerability was reported in Novell iManager, a web-based administration console that provides management of many other Novell products. The vulnerability is due to insufficient validation of the getMultiPartParametersfunction. A remote attacker could leverage this vulnerability to upload arbitrary content to arbitrary files on the target system. |
Update/Patch Avaliable | Novell has released an advisory to address this issue. |
Vulnerability Details | The vulnerability is due to insufficient validation of user input within the getMultiPartParameters function. Since Novell iManager (via the Tomcat servlet container) runs as the SYSTEM user on Windows, successful exploitation would allow the upload of arbitrary files to any directory on a target system. |