ID CVE-2011-2750
Summary NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
References
Vulnerable Configurations
  • cpe:2.3:a:novell:file_reporter:1.0.1
    cpe:2.3:a:novell:file_reporter:1.0.1
  • cpe:2.3:a:novell:file_reporter:1.0.1.1
    cpe:2.3:a:novell:file_reporter:1.0.1.1
  • Novell File Reporter (NFR) 1.0.2
    cpe:2.3:a:novell:file_reporter:1.0.2
  • cpe:2.3:a:novell:file_reporter:1.0.4.2
    cpe:2.3:a:novell:file_reporter:1.0.4.2
CVSS
Base: 5.0 (as of 18-07-2011 - 09:45)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
metasploit via4
description NFRAgent.exe in Novell File Reporter allows remote attackers to delete arbitrary files via a full pathname in an SRS request with OPERATION set to 4 and CMD set to 5 against /FSF/CMD. This module has been tested successfully on NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1) on Windows platforms.
id MSF:AUXILIARY/ADMIN/HTTP/NOVELL_FILE_REPORTER_FILEDELETE
last seen 2019-03-28
modified 2017-07-24
published 2012-09-13
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb
title Novell File Reporter Agent Arbitrary File Delete
refmap via4
bugtraq 20110627 Arbitrary files deletion in Novell File Reporter 1.0.4.2
misc http://aluigi.org/adv/nfr_2-adv.txt
sectrack 1025716
secunia 45071
sreason 8309
Last major update 21-09-2011 - 23:32
Published 17-07-2011 - 16:55
Last modified 09-10-2018 - 15:33
Back to Top