ManageEngine OpManager Multiple Directory Traversal Vulnerabilities

high Nessus Plugin ID 81378

Synopsis

The remote web server contains a Java web application that is affected by multiple directory traversal vulnerabilities.

Description

The version of ManageEngine OpManager installed on the remote host is affected by multiple directory traversal vulnerabilities:

- The FileCollector servlet fails to properly sanitize user-supplied input to the 'regionID' and 'FILENAME' parameters when uploading files. This allows a remote attacker and authenticated users to write to and execute arbitrary WAR files. (CVE-2014-6034, CVE-2014-6035)

- The multipartRequest servlet fails to properly sanitize user-supplied input to the 'fileName' parameter. This allows a remote attacker and authenticated users to delete arbitrary files. (CVE-2014-6036)

Note that Nessus has tested for the two directory traversal and file upload vulnerabilities; however, it did not test for the arbitrary code execution or file deletion vulnerabilities. If a file can be uploaded via the directory traversal attack, then the execution and deletion flaws are likely exploitable as well.
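
A log-review check for the two flaws described above, as an added example that is not part of the Nessus plugin or the vendor's code: it flags access-log requests to the named servlets whose 'regionID', 'FILENAME' or 'fileName' value decodes to a '..' path segment. The combined log format, the URL prefixes and the sample lines are constructed assumptions, and only query-string parameters are inspected.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Servlet and parameter names are the ones named in the advisory text.
WATCHED = {
    "filecollector": {"regionid", "filename"},
    "multipartrequest": {"filename"},
}
# Request field of a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# '..' as a whole path segment, with either slash style as separator.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

SAMPLE_LOG = [  # constructed lines; the /hypothetical/ prefix is not a real path
    '10.0.0.5 - - [01/Jan/2015:10:00:00 +0000] "POST /hypothetical/FileCollector?regionID=..%2F..%2Fx&FILENAME=a.war HTTP/1.1" 200 12',
    '10.0.0.5 - - [01/Jan/2015:10:00:05 +0000] "POST /hypothetical/multipartRequest?fileName=%252e%252e%255cconf%255ca.txt HTTP/1.1" 200 0',
    '10.0.0.9 - - [01/Jan/2015:10:01:00 +0000] "POST /hypothetical/FileCollector?regionID=7&FILENAME=report..v2.zip HTTP/1.1" 200 12',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) so an encoded '..' is visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return sorted (servlet, param, decoded_value) tuples flagged in one line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    path = url.path.lower()
    hits = []
    for servlet, params in WATCHED.items():
        if servlet not in path:
            continue
        # parse_qsl decodes once; fully_decode handles double encoding.
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if name.lower() in params and TRAVERSAL_RE.search(value):
                hits.append((servlet, name, value))
    return sorted(hits)

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line))
```

Parameters sent in a request body do not appear in access logs, so a clean result here does not rule out an attempt.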

Solution

Upgrade to ManageEngine OpManager version 11.3 and apply the vendor-supplied patch.

See Also

http://www.nessus.org/u?d44b4150

https://seclists.org/fulldisclosure/2014/Sep/110

Plugin Details

Severity: High

ID: 81378

File Name: manageengine_opmanager_11300_file_upload_exploit.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 2/16/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-6035

Vulnerability Information

CPE: cpe:/a:zohocorp:manageengine_opmanager

Required KB Items: installed_sw/ManageEngine OpManager

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/27/2014

Vulnerability Publication Date: 9/27/2014

Exploitable With

Metasploit (ManageEngine OpManager and Social IT Arbitrary File Upload)

Elliot (ManageEngine OpManager FileCollector Servlet File Upload)

Reference Information

CVE: CVE-2014-6034, CVE-2014-6035, CVE-2014-6036

BID: 70167, 70169, 70172