Intrusion Prevention

ManageEngine.Multiple.WsDiscoveryServlet.Directory.Traversal

Description

This indicates an attack attempt against an Path Traversal vulnerability in ManageEngine ServiceDesk Plus, AssetExplorer and IT360.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling a crafted HTTP packet. It allows a remote attacker to execute malicious codes against affected machine via crafted requests.

Affected Products

ManageEngine AssetExplorer prior to 6.1 build 6107
ManageEngine IT360 10.4 and prior
ManageEngine ServiceDesk Plus prior to 9.0 build 9027

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor
http://www.manageengine.com/products/service-desk/readme-9.0.html

CVE References

CVE-2014-5302