CVE-2007-5413

httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView Configuration Management (CM) Infrastructure 4.0 through 4.2i and Client Configuration Manager (CCM) 2.0 allows remote attackers to read arbitrary files via URLs containing tilde (~) references to home directories, as demonstrated by ~root.

Published: Oct 29, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5413
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
hp / openview_configuration_management	4.0	4.0.x
hp / openview_configuration_management	4.1	4.1.x
hp / openview_configuration_management	4.2i	4.2i.x
hp / openview_configuration_management	4.2	4.2.x
hp / openview_client_configuraton_manager	2.0	2.0.x

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01205079
http://osvdb.org/39528
http://secunia.com/advisories/27341
http://www.securityfocus.com/archive/1/483106/100/100/threaded
http://www.securitytracker.com/id?1018858
http://www.vupen.com/english/advisories/2007/3620
http://www.zerodayinitiative.com/advisories/ZDI-07-060.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/37400

Vulnerability Database

CVE-2007-5413