CVE-2011-0345 Information

Description

Directory traversal vulnerability in the NMS server in Alcatel-Lucent OmniVista 4760 R5.1.06.03 and earlier allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests related to the lang variable.

Reference

http://seclists.org/fulldisclosure/2011/Mar/8 http://secunia.com/advisories/43507 http://securityreason.com/securityalert/8122 http://www.alcatel-lucent.com/wps/DocumentStreamerServlet?LMSG_CABINET=Corporate&LMSG_CONTENT_FILE=Support/Security/2011002.pdf http://www.securityfocus.com/archive/1/516768/100/0/threaded http://www.securityfocus.com/bid/46624 http://www.vupen.com/english/advisories/2011/0548 https://exchange.xforce.ibmcloud.com/vulnerabilities/65848