Detections
Analytics

Novell 'modulemanager' Servlet Arbitrary File Upload (safe check)

critical Nessus Plugin ID 47582

Language:

Synopsis

A web application on the remote host has an arbitrary file upload vulnerability.

Description

The Administration Console component of Novell Access Manager or Novell iManager running on the remote web server has an arbitrary file upload vulnerability. Sending a specially crafted multipart POST request to '/nps/servlet/modulemanager' results in the upload of arbitrary data. Specifying a destination filename that contains a directory traversal string allows an attacker to write arbitrary files as SYSTEM. Only Windows installs are affected.

A remote attacker could exploit this to upload arbitrary files to the system, resulting in remote code execution.

Since safe checks are enabled, Nessus fingerprinted the vulnerable servlet by sending innocuous requests and checking the HTTP response codes.

Solution

Upgrade to Access Manager 3.1 SP2 / iManager 2.7 ftf3 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-10-112/

http://www.nessus.org/u?223e218b

https://www.zerodayinitiative.com/advisories/ZDI-10-190/

https://support.microfocus.com/kb/doc.php?id=7006515

Plugin Details

Severity: Critical

ID: 47582

File Name: novell_access_manager_file_upload_safe.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 7/1/2010

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/10/2010

Vulnerability Publication Date: 6/10/2010

Exploitable With

Metasploit (Novell iManager getMultiPartParameters Arbitrary File Upload)

Elliot (Novell iManager File Upload)

Reference Information

CVE: CVE-2010-0284

BID: 40931, 43635

Secunia: 40198, 41687