CVE-2014-5445 & CVE-2014-5446 : Fix for Arbitrary file download

CVE-2014-5445 & CVE-2014-5446 : Fix for Arbitrary file download

Vulnerability Technical details:


Vulnerability: Arbitrary file download
Constraints: unauthenticated in NetFlow; authenticated in IT360
Affected versions: NetFlow v8.6 to v9.9; at least IT360 v10.3 and above

CVE-2014-5445:
GET /netflow/servlet/CSVServlet?schFilePath=/etc/passwd
GET /netflow/servlet/CReportPDFServlet?schFilePath=C:\\boot.ini&pdf=true

CVE-2014-5446
GET /netflow/servlet/DisplayChartPDF?filename=../../../../boot.ini

All 3 servlets can be exploited in both Windows and Linux. A
Metasploit module that exploits CVE-2014-5445 has been released.


Fix for the build 9900:

1. Stop Netflow analyzer service and Delete the folder named netflow under <NetFlow>\webapps .
2. Download and extract the files from the link below:


3. Copy and replace the NetFlowClient.jar and NetFlowCollector.jar under %Netflow%\lib .
4. Copy and replace netflow.war under %Netflow%\Webapps\
5. Delete the folder named 'Netflow' under %Netflow%\Webapps\
6. Copy and replace the web.xml file under %Netflow%\conf
7. Copy and replace the following files under %Netflow%\conf\Netflow\
  • NFColumnConf.xml
  • NFDataFormaterConf.xml
  • NFFieldCatalog.xml
  • NFRawTableConf.xml
8. Copy and replace the following files under %Netflow%\troubleshooting\
  • rawCleanup.bat
  • rawCleanup.sh

9. Start the NetFlow Analyzer service.


Fix for the build 10200:

1. Stop NetFlow analyzer service and Delete the folder named netflow under <NetFlow>\webapps 
2. Download and extract the files from the link below:

https://uploads.zohocorp.com/Internal_Useruploads/dnd/NetFlow_Analyzer/p198b0qi3b1q031vf1fjl1l2cq1g0/Patch10200.zip

3. Copy and replace the NetFlowClient.jar and NetFlowCollector.jar under %Netflow%\lib.
4. Copy and replace netflow.war under %Netflow%\Webapps\

5. Start the NetFlow Analyzer service.




          • Related Articles

          • Consolidated FIX for NFAPlugin-10250

            Note: This can be done with NetFlow Analyzer build 10250 only. Take the backup of the files before replacing. The consolidated fix is available over 10250 which includes : 1) Alert Profile query optimization 2) Custom DashBoard Report 3) Application ...
          • Consolidated Fix for Build 11001

            Note: This can be done with NetFlow Analyzer build 11001 only. Take the backup of the files before replacing. For Distributed Edition, make sure to follow the steps in Central and Collector servers. Download the Fix from the below link, it contains ...
          • Consolidated fix for NetFlow Analyzer Build 10250 for Stand Alone

            Note: This can be done with NetFlow Analyzer build 10250 only. Take the backup of the files before replacing. For Distributed Edition, make sure to follow the steps in Central and Collector servers. The consolidated fix is available over 10250 which ...
          • FIX for NFA-10250 for ASA issue and OUT traffic not shown for devices

            This Patch is applicable only over the NetFlow Analyzer build 10250 Please download and unzip the patch file from the below link: https://uploads.zohocorp.com/Internal_Useruploads/dnd/NetFlow_Analyzer/o_19uprk25h3r21ci71tru24t1ule1/Fix.zip It ...
          • Fix for Cisco ASA showing 0.0.0.0.0.0 for source and Destination for build 9900

            Thank you for your time during the call. Please follow the below steps and check on the issue: 1) Stop the NetFlow Analyzer Service. 2) Open Command prompt as administrator and navigate to NetFlow_Home/bin and execute startDB.bat two times for ...