Micro Focus Open Enterprise Server Directory Traversal Vulnerability


Description   A vulnerability was reported in Micro Focus (Novell) Open Enterprise Server. A remote attacker could exploit it via a URL containing directory-traversal characters ('../') in order to access sensitive information. This vulnerability is located in Remote Manager (NRM).
     
Vulnerable Products   Vulnerable OS:
Open Enterprise Server (SUSE) - 11, 11 SP2, 11 SP3, 2, 2 SP1, 2 SP2, 2 SP3, 2015, 2015 SP1
     
Solution   Novell has released a fix for Remote Manager via the "January 2017 Hot Patch" in order to resolve this vulnerability.
     
CVE   CVE-2017-5182
     
References   - Novell : Micro Focus Open Enterprise Server directory traversal vulnerability CVE-2017-5182.
https://www.novell.com/support/kb/doc.php?id=7018503
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm                                           Available Since
Misc : Directory traversal - parameter starting with ../   3.2.0
Directory traversal using ..\..                            3.2.0
Directory traversal                                        3.2.0
Directory traversal backward root folder                   3.2.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2017-01-20

Target Type   Server

Possible exploit   Remote