Signature Detail

Short Name: HTTP:STC:IBM-OMNIFIND-CSRF

Severity: Medium

Recommended: No

Recommended Action: Drop

Category: HTTP

Keywords: IBM Omnifind Cross Site Request Forgery

Release Date: 2012/11/05

Update Number: 2200

Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: IBM Omnifind Cross Site Request Forgery

This signature detects attempts to exploit a known cross-site request forgery vulnerability in IBM OmniFind. The vulnerability is due to insufficient validation of user-supplied input. Attackers can exploit it to steal cookie-based authentication credentials and launch other attacks.

Extended Description

IBM OmniFind is prone to the following vulnerabilities:

1. Cross-site scripting
2. Cross-site request forgery
3. Session fixation
4. Session impersonation
5. Remote buffer overflow
6. Privilege escalation
7. Security bypass
8. Information disclosure
9. Denial of service

An attacker may exploit these issues to execute arbitrary script code in the context of the application, steal administrator authentication credentials, execute arbitrary code with root privileges, escalate privileges, bypass security restrictions and perform unauthorized actions, disclose sensitive information, or perform denial-of-service attacks.

IBM OmniFind versions 8.5 and 9.0 are affected; other versions may also be vulnerable.

This BID is being retired. The following individual records exist to better document the issues:

  • 44937 IBM OmniFind Domain Root Path Cookie Security Bypass Vulnerability
  • 44939 IBM OmniFind 'password' Field Remote Buffer Overflow Vulnerability
  • 44940 IBM OmniFind 'command' Parameter Cross Site Scripting Vulnerability
  • 44941 IBM OmniFind Crawler Component Denial of Service Vulnerability
  • 44942 IBM OmniFind Remote Information Disclosure Vulnerability
  • 44943 IBM OmniFind Session-Fixation Vulnerability
  • 44944 IBM OmniFind 'esRunCommand' and 'estaskwrapper' Multiple Local Privilege Escalation Vulnerabilities
  • 44945 IBM OmniFind 'ESAdmin/security.do' Cross Site Request Forgery Vulnerability
  • 44946 IBM OmniFind Session-Impersonation Weakness
  • 44948 IBM OmniFind 'ESSearchApplication' Security Bypass Vulnerability

Affected Products

  • IBM OmniFind 8.5
  • IBM OmniFind 9.0

References

  • BugTraq: 44740
  • CVE: CVE-2010-3891

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.