7.8

CVE-2007-5413

httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpOpenview Client Configuraton Manager Version2.0 Editionwindows
HpOpenview Configuration Management Version4.0 Editionaix
HpOpenview Configuration Management Version4.0 Editionhpux
HpOpenview Configuration Management Version4.0 Editionlinux
HpOpenview Configuration Management Version4.0 Editionsolaris
HpOpenview Configuration Management Version4.0 Editionwindows
HpOpenview Configuration Management Version4.1 Editionaix
HpOpenview Configuration Management Version4.1 Editionhpux
HpOpenview Configuration Management Version4.1 Editionlinux
HpOpenview Configuration Management Version4.1 Editionsolaris
HpOpenview Configuration Management Version4.1 Editionwindows
HpOpenview Configuration Management Version4.2 Editionaix
HpOpenview Configuration Management Version4.2 Editionhpux
HpOpenview Configuration Management Version4.2 Editionlinux
HpOpenview Configuration Management Version4.2 Editionsolaris
HpOpenview Configuration Management Version4.2 Editionwindows
HpOpenview Configuration Management Version4.2i Editionaix
HpOpenview Configuration Management Version4.2i Editionhpux
HpOpenview Configuration Management Version4.2i Editionlinux
HpOpenview Configuration Management Version4.2i Editionsolaris
HpOpenview Configuration Management Version4.2i Editionwindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.77% 0.844
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01205079
http://osvdb.org/39528
http://secunia.com/advisories/27341
Vendor Advisory
http://www.securityfocus.com/archive/1/483106/100/100/threaded
http://www.securitytracker.com/id?1018858
http://www.vupen.com/english/advisories/2007/3620
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-07-060.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/37400