|
|
|||
| Rule General Information |
|---|
| Release Date: | 2015-04-17 | |
| Rule Name: | ZOHO ManageEngine Applications Manager Failoverhelperservlet Copyfile Information Disclosure Vulnerability -4 (CVE-2014-7863) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An information disclosure vulnerability was found in ManageEngine OpManager, Applications Manager and IT360. The vulnerability is caused by lacking of authentication and deficient input validation of the a parameter which was sent to FailOverHelperServlet in HTTP requests. | |
| Impact: | An attacker can abtain sensitive information of the target victim, and do malicious actions to gain profits using the information. | |
| Affected OS: | Windows, Linux | |
| Reference: | https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet https://packetstormsecurity.com/files/130162/ManageEngine-File-Download-Content-Disclosure-SQL-Injection.html https://exchange.xforce.ibmcloud.com/vulnerabilities/100554 https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_failservlet.txt |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: https://support.zoho.com/portal/manageengine/helpcenter/articles/vulnerabilities-in-failoverhelperservlet |