|
|||
Rule General Information |
---|
Release Date: | 2015-04-17 | |
Rule Name: | ZOHO ManageEngine Applications Manager Failoverhelperservlet Copyfile Information Disclosure Vulnerability -4 (CVE-2014-7863) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | An information disclosure vulnerability was found in ManageEngine OpManager, Applications Manager and IT360. The vulnerability is caused by lacking of authentication and deficient input validation of the a parameter which was sent to FailOverHelperServlet in HTTP requests. | |
Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
Affected OS: | Windows, Linux | |
Reference: | https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet https://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100554 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt |
|
Solutions |
---|
More advisories have been published on the website, please visit for more suggestions: https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet |