Summary
This host is running IBM Platform Symphony Developer Edition and is prone to an authentication bypass vulnerability.
Impact
Successful exploitation will allow remote attackers to gain access to the local environment.
Impact Level: Application.
Solution
Apply the workaround from the link below:
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020564
Insight
The flaw is in a servlet in the application, which authenticates a user with built-in credentials.
Affected
IBM Platform Symphony Developer Edition 5.2 and 6.1.x through 6.1.1
Detection
Send a crafted exploit string via an HTTP GET request and check whether it is able to read the string or not.
References
Severity
Classification
- CVE: CVE-2013-5400
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
- AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities