HTTP: IBM Rational Focal Point Login And RequestAccessController Servlet Information Disclosure

This signature detects attempts to exploit a known vulnerability in IBM Rational Focal Point. A remote, unauthenticated attacker could exploit this vulnerability to read the configuration files of the Webservice Axis Gateway of Focal Point.

Extended Description

Unspecified vulnerability in the Webservice Axis Gateway in IBM Rational Focal Point 6.4 before devfix1, 6.4.1.3 before devfix1, 6.5.1 before devfix1, 6.5.2 before devfix4, 6.5.2.3 before devfix9, 6.6 before devfix5, 6.6.0.1 before devfix2, and 6.6.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-5397.

Affected Products

IBM rational_focal_point

References

BugTraq: 64338 64339

CVE: CVE-2013-5397

Short Name
HTTP:INFO-LEAK:IBM-FP-SERLET
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
And CVE-2013-5397 CVE-2013-5398 Disclosure Focal IBM Information Login Point Rational RequestAccessController Servlet bid:64338 bid:64339
Release Date
02/13/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

IBM

CVSS Score

3.3
