1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Novell IManager Arbitrary File Upload

Web Attack: Novell IManager Arbitrary File Upload

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Arbitrary file uploads in Novell iManager.

Additional Information

Novell iManager is a web-based management portal for various Novell products.

The application is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. Specifically, this issue affects the 'getMultiPartParameters()' when validating uploaded files.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

Novell iManager 2.7.3.2 and prior are vulnerable.

Affected

  • Novell iManager 2.7.3.2 and prior are vulnerable.

Response

Updates are available. Please see the references for details.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube