CVE-2007-5413

httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hp:openview_client_configuraton_manager:2.0:*:windows:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.0:*:aix:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.0:*:hpux:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.0:*:linux:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.0:*:solaris:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.0:*:windows:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.1:*:aix:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.1:*:hpux:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.1:*:linux:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.1:*:solaris:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.1:*:windows:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2:*:aix:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2:*:hpux:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2:*:linux:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2:*:solaris:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2:*:windows:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2i:*:aix:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2i:*:hpux:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2i:*:linux:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2i:*:solaris:*:*:*:*:*
cpe:2.3:a:hp:openview_configuration_management:4.2i:*:windows:*:*:*:*:*

History

No history.

Information

Published : 2007-10-29 22:46

Updated : 2024-02-28 11:01


NVD link : CVE-2007-5413

Mitre link : CVE-2007-5413

CVE.ORG link : CVE-2007-5413


JSON object : View

Products Affected

hp

  • openview_client_configuraton_manager
  • openview_configuration_management
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor