Vulnerabilities > CVE-2008-1287 - Configuration vulnerability in IBM Rational Clearquest 7.0.0.2/7.0.1.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
References
- http://secunia.com/advisories/29280
- http://secunia.com/advisories/29280
- http://www.securityfocus.com/bid/28132
- http://www.securityfocus.com/bid/28132
- http://www.securitytracker.com/id?1019566
- http://www.securitytracker.com/id?1019566
- http://www.vupen.com/english/advisories/2008/0804/references
- http://www.vupen.com/english/advisories/2008/0804/references
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41042
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41042