Signature Detail
Short Name |
APP:IBM:BLADECENTER-INFO |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
IBM BladeCenter Management Module Information Disclosure |
Release Date |
2013/06/18 |
Update Number |
2273 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: IBM BladeCenter Management Module Information Disclosure
This signature detects attempts to exploit a known vulnerability in IBM BladeCenter Management Module. A successful attack can lead to unauthorized information disclosure.
Extended Description
IBM BladeCenter Management Module is prone to multiple cross-site scripting vulnerabilities, a directory-traversal vulnerability and an information-disclosure vulnerability. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, view arbitrary local files and directories within the context of the webserver, and to disclose sensitive information. This may let the attacker steal cookie-based authentication credentials and other information; harvested information may aid in launching further attacks. IBM BladeCenter Management Module BPET48L is affected; other versions may also be vulnerable.
Affected Products
- IBM IBM BladeCenter Managemet Module BPET48L
References
- BugTraq: 41383
- CVE: CVE-2010-2656