CVE-2011-1736 (GCVE-0-2011-1736)
Vulnerability from cvelistv5
Published
2011-05-07 19:00
Modified
2024-08-06 22:37
Severity ?
CWE
  • n/a
Summary
Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.
References
hp-security-alert@hp.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240Vendor Advisory
hp-security-alert@hp.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240Vendor Advisory
hp-security-alert@hp.comhttp://osvdb.org/72195
hp-security-alert@hp.comhttp://secunia.com/advisories/44402
hp-security-alert@hp.comhttp://www.securityfocus.com/archive/1/517772/100/0/threaded
hp-security-alert@hp.comhttp://www.securityfocus.com/bid/47638
hp-security-alert@hp.comhttp://www.securitytracker.com/id?1025454
hp-security-alert@hp.comhttp://zerodayinitiative.com/advisories/ZDI-11-152/
hp-security-alert@hp.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/67209
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/72195
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44402
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/517772/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/47638
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025454
af854a3a-2127-422b-91ae-364da2661108http://zerodayinitiative.com/advisories/ZDI-11-152/
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/67209
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:37:25.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20110429 ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/517772/100/0/threaded"
          },
          {
            "name": "72195",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/72195"
          },
          {
            "name": "47638",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47638"
          },
          {
            "name": "HPSBMA02668",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
          },
          {
            "name": "SSRT100474",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
          },
          {
            "name": "openview-data-code-exec(67209)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67209"
          },
          {
            "name": "44402",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44402"
          },
          {
            "name": "1025454",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025454"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-11-152/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "shortName": "hp"
      },
      "references": [
        {
          "name": "20110429 ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/517772/100/0/threaded"
        },
        {
          "name": "72195",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/72195"
        },
        {
          "name": "47638",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47638"
        },
        {
          "name": "HPSBMA02668",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
        },
        {
          "name": "SSRT100474",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
        },
        {
          "name": "openview-data-code-exec(67209)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67209"
        },
        {
          "name": "44402",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44402"
        },
        {
          "name": "1025454",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025454"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-11-152/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "hp-security-alert@hp.com",
          "ID": "CVE-2011-1736",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20110429 ZDI-11-152: HP Data Protector Backup Client Service GET_FILE Directory Traversal Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/517772/100/0/threaded"
            },
            {
              "name": "72195",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/72195"
            },
            {
              "name": "47638",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47638"
            },
            {
              "name": "HPSBMA02668",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
            },
            {
              "name": "SSRT100474",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240"
            },
            {
              "name": "openview-data-code-exec(67209)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67209"
            },
            {
              "name": "44402",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44402"
            },
            {
              "name": "1025454",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025454"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-11-152/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-11-152/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
    "assignerShortName": "hp",
    "cveId": "CVE-2011-1736",
    "datePublished": "2011-05-07T19:00:00",
    "dateReserved": "2011-04-19T00:00:00",
    "dateUpdated": "2024-08-06T22:37:25.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1736\",\"sourceIdentifier\":\"hp-security-alert@hp.com\",\"published\":\"2011-05-07T19:55:01.497\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en OmniInet.exe en Backup Client Service en HP OpenView Storage Data Protector v6.00, v6.10, y v6.11 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de secuencias de salto de directorio en un nombre de fichero en un mensaje GET_FILE.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:P\",\"baseScore\":8.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":7.8,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_storage_data_protector:6.00:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD25EB53-4062-4054-BBB9-AF0676E86C98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_storage_data_protector:6.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F55A6FD-8104-4A26-A803-F8971AED5940\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:openview_storage_data_protector:6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42BAF885-79EF-418C-A391-751AA8593E85\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240\",\"source\":\"hp-security-alert@hp.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/72195\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://secunia.com/advisories/44402\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/517772/100/0/threaded\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www.securityfocus.com/bid/47638\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://www.securitytracker.com/id?1025454\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-11-152/\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67209\",\"source\":\"hp-security-alert@hp.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02810240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/72195\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/44402\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/517772/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/47638\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025454\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://zerodayinitiative.com/advisories/ZDI-11-152/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/67209\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.