Overview
HP StorageWorks P2000 G3 contains a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information.
Description
HP StorageWorks P2000 G3 contains an embedded webserver which is vulnerable to a directory traversal vulnerability which may allow a remote, unauthenticated attacker to obtain sensitive information. This vulnerability was also reported to ZDI by another researcher and was disclosed publicly. |
Impact
A remote unauthenticated attacker could obtain sensitive information. |
Solution
Apply Update |
Restrict access |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
- http://www.zerodayinitiative.com/advisories/ZDI-12-015/
- http://h10010.www1.hp.com/wwpc/us/en/sm/WF05a/12169-304616-241493-241493-241493-4118559.html?dnr=1
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&task
- Id=110&prodSeriesId=4118559&prodTypeId=12169&objectID=c03098935&prodTypeId=32929
- 0&prodSeriesId=1143842
Acknowledgements
Thanks to Thomas Leonardo of The Cooperative Bank for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
| CVE IDs: | CVE-2011-4788 |
| Date Public: | 2012-01-13 |
| Date First Published: | 2012-02-20 |
| Date Last Updated: | 2012-03-02 12:57 UTC |
| Document Revision: | 12 |