Test ID: 1.3.6.1.4.1.25623.1.0.105083
Category: Web application abuses
Title: ManageEngine EventLog Analyzer Multiple Security Vulnerabilities
Summary: ManageEngine EventLog Analyzer is prone to an arbitrary file-upload vulnerability and an unauthorized-access vulnerability.

Description:

Summary: ManageEngine EventLog Analyzer is prone to an arbitrary file-upload vulnerability and an unauthorized-access vulnerability.

Vulnerability Insight:

1) Unauthenticated remote code execution

ME EventLog Analyzer contains an 'agentUpload' servlet which is used by Agents to send log data as zip files to the central server. Files can be uploaded without authentication and are stored/decompressed in the 'data' subdirectory. As the decompress procedure handles the file names in the ZIP file in an insecure way, it is possible to store files in the web root of the server. This can be used to upload/execute code with the rights of the application server.

2) Authorization issues

The EventLog Analyzer web interface does not check whether an authenticated user has sufficient permissions to access certain parts of the application. A low-privileged user (for example 'guest') can therefore access critical sections of the web interface by directly calling the corresponding URLs. This can be used to access the database browser of the application, which gives the attacker full access to the database.

Vulnerability Impact: Attackers can exploit these issues to execute arbitrary code and gain unauthorized access to the critical sections of the application.

Affected Software/OS: EventLog Analyzer 9.9 Build 9002 and prior are vulnerable.

Solution: Ask the vendor for an update.

Workaround:

1) Unauthenticated remote code execution: If agents are not used to collect log information, access to the servlet can be disabled by commenting out the following lines in the web.xml file (webapps/event/WEB-INF/web.xml) and restarting the service.

2) Authorization issues: No workaround; reduce the attack surface by disabling unused low-privileged accounts such as 'guest'.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-References:
Common Vulnerability Exposure (CVE) ID: CVE-2014-6037
BugTraq ID: 69482
- http://www.securityfocus.com/bid/69482
- http://www.exploit-db.com/exploits/34519
- http://seclists.org/fulldisclosure/2014/Aug/86
- http://seclists.org/fulldisclosure/2014/Sep/1
- http://seclists.org/fulldisclosure/2014/Sep/19
- http://seclists.org/fulldisclosure/2014/Sep/20
- http://packetstormsecurity.com/files/128102/ManageEngine-EventLog-Analyzer-9.9-Authorization-Code-Execution.html
- https://github.com/rapid7/metasploit-framework/pull/3732
- https://www.mogwaisecurity.de/advisories/MSA-2014-01.txt
- http://osvdb.org/show/osvdb/110642

Copyright: Copyright (C) 2014 Greenbone Networks GmbH
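The insecure handling of ZIP entry names described under "Vulnerability Insight" is the general zip path-traversal pattern, and the fix on the server side is to validate every entry name against the destination directory before writing. The following Python routine is an added example, not code from the Greenbone test or from the ManageEngine product: it resolves each entry under the 'data' directory, rejects anything that would escape it, and reports the rejected names so the attempt can be logged; the archive, entry names and log line are constructed for the demonstration.

```python
import io
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def is_safe_entry(name: str, dest: Path) -> bool:
    """True only if the entry name resolves to a path inside dest (Python 3.9+)."""
    # Absolute paths and backslash-separated names are rejected outright.
    if name.startswith(("/", "\\")) or "\\" in name:
        return False
    if ".." in PurePosixPath(name).parts:  # classic traversal segment
        return False
    target = (dest / PurePosixPath(name)).resolve()
    return target.is_relative_to(dest.resolve())


def safe_extract(data: bytes, dest: Path) -> tuple[list[str], list[str]]:
    """Extract only entries that stay inside dest; return (extracted, rejected) names."""
    dest = dest.resolve()
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not is_safe_entry(info.filename, dest):
                rejected.append(info.filename)  # worth an alert: traversal attempt
                continue
            target = dest / PurePosixPath(info.filename)
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected


def build_sample_zip() -> bytes:
    """Constructed archive: one legitimate agent log plus two hostile entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agent1/events.log", "2014-08-30 12:00:00 agent heartbeat\n")
        zf.writestr("../outside.txt", "would land one level above the data directory")
        zf.writestr("/abs/path.txt", "would land at an absolute path")
    return buf.getvalue()


def demo() -> tuple[list[str], list[str]]:
    """Run the hardened extractor on the constructed archive in a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        return safe_extract(build_sample_zip(), Path(scratch))


if __name__ == "__main__":
    print(demo())  # (['agent1/events.log'], ['../outside.txt', '/abs/path.txt'])
```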
This is only one of 146377 vulnerability tests in our test suite. Find out more about how to run a complete security audit. To run a free test of this vulnerability against your system, register now.