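Vulnerability Details
CA Unified Infrastructure Management Path Traversal Vulnerability
Vulnerability Summary
CA Unified Infrastructure Management (CA UIM, formerly CA Nimsoft Monitor) and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) are unified IT monitoring solutions from CA, a US company. The solution uses a unified view and back-end architecture to reduce the cost and complexity of managing multiple complex IT monitoring tools. CA Unified Infrastructure Management Snap is an upgraded version of CA Unified Infrastructure Management.
The diag.jsp file in CA UIM 8.4 SP1 and earlier and in CA UIM Snap contains a directory traversal vulnerability. A remote attacker can exploit this vulnerability to read arbitrary files.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. The patch is available at: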
https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html
References
Source: FULLDISC
Link: http://seclists.org/fulldisclosure/2016/Nov/55
Source: BID
Link: http://www.securityfocus.com/bid/94257
Source: packetstormsecurity.com
Link: http://packetstormsecurity.com/files/139661/CA-Unified-Infrastructure-Management-Bypass-Traversal-Disclosure.html
Source: www.zerodayinitiative.com
Link: http://www.zerodayinitiative.com/advisories/ZDI-16-607
Source: www.ca.com
Link: https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html
Affected Entities
- Ca Unified_infrastructure_management:8.4:Sp1
Patches
- Fix for the CA Unified Infrastructure Management authentication bypass vulnerability