Signature Detail
Short Name |
HTTP:INFO-LEAK:IBM-FP-SERLET |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IBM Rational Focal Point Login And RequestAccessController Servlet Information Disclosure |
Release Date |
2014/02/13 |
Update Number |
2345 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: IBM Rational Focal Point Login And RequestAccessController Servlet Information Disclosure
This signature detects attempts to exploit a known vulnerability in IBM Rational Focal Point. A remote, unauthenticated attacker could exploit this vulnerability to read the configuration files of the Webservice Axis Gateway of Focal Point.
Extended Description
Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397.
Affected Products
- ibm rational_focal_point 6.4
- ibm rational_focal_point 6.4.1.3
- ibm rational_focal_point 6.5.1
- ibm rational_focal_point 6.5.2
- ibm rational_focal_point 6.5.2.3
- ibm rational_focal_point 6.6
- ibm rational_focal_point 6.6.0.1
- ibm rational_focal_point 6.6.1
References
- BugTraq: 64339
- BugTraq: 64338
- CVE: CVE-2013-5398
- CVE: CVE-2013-5397