HP Storage Essentials Software Directory Traversal Vulnerability - Advisories - Secunia

Wednesday, April 09, 2008 2:10 PM cmosby

HP Storage Essentials Software Directory Traversal Vulnerability - Advisories - Secunia

HP Storage Essentials Software Directory Traversal Vulnerability

Secunia Advisory:
SA29726
Release Date:
2008-04-09
Critical:

Moderately critical
Impact:
Manipulation of data
Exposure of sensitive information
System access
Where:
From local network
Solution Status:
Unpatched
Software:
HP Storage Essentials SRM 5.x
HP Storage Essentials SRM 6.x
CVE reference:
CVE-2006-5750 (Secunia mirror)
Description:
HP has acknowledged a vulnerability in HP Storage Essentials Software, which can be exploited by malicious users to disclose sensitive information, manipulate data, or potentially to compromise a vulnerable system.

For more information:
SA23095

Solution:
Disable "MBean" in jboss-service.xml. Please see the vendor advisory for more details.

Reportedly, the vulnerability will be fixed in versions 5.1.0 SP5 and 6.0.0 SP1.

Original Advisory:
HPSBST02318 SSRT080018:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01390402

Other References:
SA23095:
http://secunia.com/advisories/23095/

Source: HP Storage Essentials Software Directory Traversal Vulnerability - Advisories - Secunia

Filed under: Patch Management, Security, Enterprise Applications, Software Vulnerabilites

Comments

No Comments

Chris Mosby at myITforum.com

Search

Tags

News

Unique Visitors

Navigation

Archives

Microsoft Links

SMS Links

Great Blogs

My Links

Security Links

Anti-Virus Links

Things I Have Done or I Am Involved In

Published Works

HP Storage Essentials Software Directory Traversal Vulnerability - Advisories - Secunia

Comments