Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/43507 | third party advisory vendor advisory |
| http://securityreason.com/securityalert/8122 | third party advisory |
| http://www.securityfocus.com/archive/1/516768/100/0/threaded | mailing list |
| http://www.vupen.com/english/advisories/2011/0548 | vdb entry vendor advisory |
| http://seclists.org/fulldisclosure/2011/Mar/8 | mailing list |
| http://www.securityfocus.com/bid/46624 | vdb entry |
| http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf | vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65848 | vdb entry |