ID

VAR-200703-0308


CVE

CVE-2007-1642


TITLE

ManageEngine Firewall Analyzer vulnerability allowing access to arbitrary common files

Trust: 0.8

sources: JVNDB: JVNDB-2007-003571

DESCRIPTION

Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request. ManageEngine Firewall Analyzer is prone to a remote information-disclosure vulnerability. A remote authenticated attacker can leverage this issue to access sensitive data. Information obtained could aid in further attacks.

Secunia advisory text:

TITLE: ManageEngine Firewall Analyzer Information Disclosure
SECUNIA ADVISORY ID: SA24707
VERIFY ADVISORY: http://secunia.com/advisories/24707/
CRITICAL: Less critical
IMPACT: Exposure of sensitive information
WHERE: From remote
SOFTWARE: ManageEngine Firewall Analyzer 4.x http://secunia.com/product/13811/
DESCRIPTION: yearsilent has reported a security issue in ManageEngine Firewall Analyzer, which can be exploited by malicious users to disclose potentially sensitive information.
SOLUTION: Reportedly, the vulnerability will be fixed in build 4030. Please contact the vendor for early access to this build version.
PROVIDED AND/OR DISCOVERED BY: yearsilent

Trust: 2.07

sources: NVD: CVE-2007-1642 // JVNDB: JVNDB-2007-003571 // BID: 23097 // VULHUB: VHN-25004 // PACKETSTORM: 55479

AFFECTED PRODUCTS

vendor: manageengine, model: firewall analyzer, scope: eq, version: 4.0

Trust: 1.6

vendor: zoho, model: manageengine firewall analyzer, scope: -, version: -

Trust: 0.8

vendor: manageengine, model: firewall analyzer, scope: eq, version: 4

Trust: 0.3

vendor: manageengine, model: firewall analyzer build, scope: ne, version: 44030

Trust: 0.3

sources: BID: 23097 // JVNDB: JVNDB-2007-003571 // CNNVD: CNNVD-200703-576 // NVD: CVE-2007-1642

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1642
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1642
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200703-576
value: MEDIUM

Trust: 0.6

VULHUB: VHN-25004
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-1642
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25004
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25004 // JVNDB: JVNDB-2007-003571 // CNNVD: CNNVD-200703-576 // NVD: CVE-2007-1642

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2007-1642

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-576

TYPE

Design Error

Trust: 0.9

sources: BID: 23097 // CNNVD: CNNVD-200703-576

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003571

PATCH

title: Firewall Analyzer, url: http://www.manageengine.com/products/firewall/

Trust: 0.8

sources: JVNDB: JVNDB-2007-003571

EXTERNAL IDS

db: NVD, id: CVE-2007-1642

Trust: 2.5

db: BID, id: 23097

Trust: 2.0

db: SECUNIA, id: 24707

Trust: 1.8

db: OSVDB, id: 34525

Trust: 1.7

db: SREASON, id: 2479

Trust: 1.7

db: JVNDB, id: JVNDB-2007-003571

Trust: 0.8

db: CNNVD, id: CNNVD-200703-576

Trust: 0.7

db: XF, id: 33319

Trust: 0.6

db: BUGTRAQ, id: 20070329 RE: MANAGEENGINE FIREWALL ANALYZER ARBITRARY FILE DISCLOSURE TO AUTHORIZED USER

Trust: 0.6

db: BUGTRAQ, id: 20070322 MANAGEENGINE FIREWALL ANALYZER ARBITRARY FILE DISCLOSURE TO AUTHORIZED USER

Trust: 0.6

db: BUGTRAQ, id: 20070330 RE: MANAGEENGINE FIREWALL ANALYZER ARBITRARY FILE DISCLOSURE TO AUTHORIZED USER

Trust: 0.6

db: VULHUB, id: VHN-25004

Trust: 0.1

db: PACKETSTORM, id: 55479

Trust: 0.1

sources: VULHUB: VHN-25004 // BID: 23097 // JVNDB: JVNDB-2007-003571 // PACKETSTORM: 55479 // CNNVD: CNNVD-200703-576 // NVD: CVE-2007-1642

REFERENCES

url:http://www.securityfocus.com/bid/23097

Trust: 1.7

url:http://osvdb.org/34525

Trust: 1.7

url:http://secunia.com/advisories/24707

Trust: 1.7

url:http://securityreason.com/securityalert/2479

Trust: 1.7

url:http://www.securityfocus.com/archive/1/463509/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/464154/100/0/threaded

Trust: 1.1

url:http://www.securityfocus.com/archive/1/464271/100/0/threaded

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33319

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1642

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1642

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/33319

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/464271/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/464154/100/0/threaded

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/463509/100/0/threaded

Trust: 0.6

url:/archive/1/463509

Trust: 0.3

url:/archive/1/464154

Trust: 0.3

url:/archive/1/464271

Trust: 0.3

url:http://manageengine.adventnet.com/

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/13811/

Trust: 0.1

url:http://secunia.com/disassembling_og_reversing/

Trust: 0.1

url:http://secunia.com/advisories/24707/

Trust: 0.1

url:http://secunia.com/secunia_vacancies/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/linux_security_specialist/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-25004 // BID: 23097 // JVNDB: JVNDB-2007-003571 // PACKETSTORM: 55479 // CNNVD: CNNVD-200703-576 // NVD: CVE-2007-1642

CREDITS

yearsilent is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 23097 // CNNVD: CNNVD-200703-576

SOURCES

db: VULHUB, id: VHN-25004
db: BID, id: 23097
db: JVNDB, id: JVNDB-2007-003571
db: PACKETSTORM, id: 55479
db: CNNVD, id: CNNVD-200703-576
db: NVD, id: CVE-2007-1642

LAST UPDATE DATE

2025-04-10T23:16:51.142000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-25004, date: 2018-10-16T00:00:00
db: BID, id: 23097, date: 2007-03-30T16:53:00
db: JVNDB, id: JVNDB-2007-003571, date: 2012-09-25T00:00:00
db: CNNVD, id: CNNVD-200703-576, date: 2007-04-10T00:00:00
db: NVD, id: CVE-2007-1642, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-25004, date: 2007-03-24T00:00:00
db: BID, id: 23097, date: 2007-03-22T00:00:00
db: JVNDB, id: JVNDB-2007-003571, date: 2012-09-25T00:00:00
db: PACKETSTORM, id: 55479, date: 2007-04-02T02:42:23
db: CNNVD, id: CNNVD-200703-576, date: 2007-03-23T00:00:00
db: NVD, id: CVE-2007-1642, date: 2007-03-24T00:19:00