Intrusion Prevention

CA.UIM.download_lar.jsp.Directory.Traversal

Description

This indicates an attack attempt against a Directory Traversal vulnerability in CA Unified Infrastructure Management.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests to download_lar.jsp. A remote attacker can exploit this to download arbitrary file from the target server via a crafted request.

Affected Products

CA Unified Infrastructure Management prior to r8.4 SP2
CA Unified Infrastructure Management Snap prior to r8.4 SP2

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

CVE References

CVE-2016-5803