CVE-2013-4092 - Credentials Management vulnerability in Imperva SecureSphere 9.0.0.5

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, imperva, CWE-255, exploit available

Summary

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history.

Vulnerable Configurations

Part | Description | Count
Application | Imperva | 1

Common Weakness Enumeration (CWE)

Exploit-Db

description: Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities. CVE-2013-4091, CVE-2013-4092, CVE-2013-4093, CVE-2013-4094, CVE-2013-4095. Webapps ex...
id: EDB-ID:25977
last seen: 2016-02-03
modified: 2013-06-05
published: 2013-06-05
reporter: Pedro Andujar
source: https://www.exploit-db.com/download/25977/
title: Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities