Summary
This host is running IBM Platform Symphony Developer Edition and is prone to an authentication bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to gain access to the local environment.
Impact Level: Application.
Solution
Apply the workaround from the link below:
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564
Insight
The flaw is in a servlet in the application, which authenticates a user with built-in credentials.
Affected
IBM Platform Symphony Developer Edition 5.2 and 6.1.x through 6.1.1
Detection
Send a crafted exploit string via an HTTP GET request and check whether it is able to read the string or not.
References
Severity
Classification
- CVE: CVE-2013-5400
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C