IBM Rational Focal Point Login Servlet File Disclosure

Severity: Low, Nessus Plugin ID: 72861

Synopsis

The remote host is affected by a file disclosure vulnerability.

Description

Nessus was able to exploit a file disclosure vulnerability in the Login servlet on the remote IBM Focal Point install. A remote attacker could potentially use this vulnerability to view sensitive files (such as configuration files).

Solution

Apply the appropriate patch per the referenced vendor advisory.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-13-284/

http://www-01.ibm.com/support/docview.wss?uid=swg21654471

Plugin Details

Severity: Low

ID: 72861

File Name: ibm_rational_focalpoint_login_file_disclosure.nasl

Version: 1.7

Type: remote

Family: CGI abuses

Published: 3/6/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.6

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-5397

Vulnerability Information

CPE: cpe:/a:ibm:rational_focal_point

Required KB Items: www/ibm_rational_focal_point

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 12/13/2013

Vulnerability Publication Date: 12/13/2013

Reference Information

CVE: CVE-2013-5397

BID: 64338