CA.UIM.download_lar.jsp.Directory.Traversal
Description
This indicates an attack attempt against a Directory Traversal vulnerability in CA Unified Infrastructure Management.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests to download_lar.jsp. A remote attacker can exploit this to download arbitrary file from the target server via a crafted request.
Affected Products
CA Unified Infrastructure Management prior to r8.4 SP2
CA Unified Infrastructure Management Snap prior to r8.4 SP2
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the latest patch from the vendor.
http://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |