Vulnerabilities > CVE-2011-2750 - Resource Management Errors vulnerability in Novell File Reporter 1.0.1/1.0.1.1/1.0.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
Metasploit
| description | NFRAgent.exe in Novell File Reporter allows remote attackers to delete arbitrary files via a full pathname in an SRS request with OPERATION set to 4 and CMD set to 5 against /FSF/CMD. This module has been tested successfully on NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1) on Windows platforms. |
| id | MSF:AUXILIARY/ADMIN/HTTP/NOVELL_FILE_REPORTER_FILEDELETE |
| last seen | 2019-12-28 |
| modified | 2017-07-24 |
| published | 2012-09-13 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/admin/http/novell_file_reporter_filedelete.rb |
| title | Novell File Reporter Agent Arbitrary File Delete |
References
- http://aluigi.org/adv/nfr_2-adv.txt
- http://secunia.com/advisories/45071
- http://securityreason.com/securityalert/8309
- http://securitytracker.com/id?1025716
- http://www.securityfocus.com/archive/1/518626/100/0/threaded
- http://aluigi.org/adv/nfr_2-adv.txt
- http://www.securityfocus.com/archive/1/518626/100/0/threaded
- http://securitytracker.com/id?1025716
- http://securityreason.com/securityalert/8309
- http://secunia.com/advisories/45071