CVE-2013-0531 - Cryptographic Issues vulnerability in IBM Security Appscan
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
The SSL implementation in IBM Security AppScan Enterprise before 8.7.0.1 enables cipher suites with weak encryption algorithms, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Seebug
bulletinFamily | exploit |
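description | BUGTRAQ ID: 62179 CVE(CAN) ID: CVE-2013-0531 IBM Security AppScan Enterprise is a web-based, multi-user web application security solution that provides centralized security scanning, data consolidation and reporting, remediation capabilities, executive dashboards and other features. IBM Security AppScan Enterprise (formerly IBM Rational AppScan Enterprise) supports SSL suites that use weak encryption algorithms. Without needing local network access or authentication, an attacker can exploit this vulnerability to decrypt communications between the client and the server, or to carry out a man-in-the-middle attack on the client, thereby obtaining sensitive information and performing unauthorized operations. IBM Rational AppScan Enterprise 5.6-8.7 Vendor patch: IBM --- IBM has released a security bulletin (1640352) and corresponding patches for this issue: 1640352: Multiple vulnerabilities in IBM Security AppScan Enterprise (CVE-2013-0531, CVE-2013-0440, CVE-2013-2997) Link: http://www-01.ibm.com/support/docview.wss?uid=swg21640352 |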
id | SSV:60997 |
last seen | 2017-11-19 |
modified | 2013-09-13 |
published | 2013-09-13 |
reporter | Root |
title | IBM Security AppScan Enterprise Weak Cipher Security Bypass Vulnerability (CVE-2013-0531) |