Description
Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the lang variable.
Affected products
- Alcatel-Lucent / omnivista4760_r5.1.06.03
- Alcatel-Lucent / omnivista4760_r5.0.07.05 – 4760_r5.0.07.05
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/43507
- MISChttp://securityreason.com/securityalert/8122
- MISChttp://www.securityfocus.com/archive/1/516768/100/0/threaded
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0548
- MAILING_LISThttp://seclists.org/fulldisclosure/2011/Mar/8
- MISChttp://www.securityfocus.com/bid/46624
- MISChttp://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/65848