IBM Rational ClearQuest 8.0 – Multiple Vulnerabilities

• Exploit Database
• 49 阅读

• 作者： anonymous
  日期： 2012-08-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/37643/

• source: https://www.securityfocus.com/bid/55125/info
  
  IBM Rational ClearQuest is prone to the following security vulnerabilities:
  
  1. An HTML-injection vulnerability.
  
  2. Multiple information-disclosure vulnerabilities.
  
  3. A security-bypass vulnerability.
  
  Attackers may leverage these issues to obtain potentially sensitive session information, bypass certain security restrictions, execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
  
  The following versions are affected:
  
  IBM Rational ClearQuest 7.1.x through versions 7.1.2.7
  IBM Rational ClearQuest 8.x through versions 8.0.0.3 
  
  https://www.example.com/snoop
  https://www.example.com/hello
  https://www.example.com/ivt/
  https://www.example.com/hitcount
  https://www.example.com/HitCount.jsp
  https://www.example.com/HelloHTMLError.jsp
  https://www.example.com/HelloHTML.jsp
  https://www.example.com/HelloVXMLError.jsp
  https://www.example.com/HelloVXML.jsp
  https://www.example.com/HelloWMLError.jsp
  https://www.example.com/HelloWML.jsp
  https://www.example.com/cqweb/j_security_check