IBM Rational Focal Point RequestAccessController Servlet File Disclosure

low Nessus Plugin ID 72862

Synopsis

The remote host is affected by a file disclosure vulnerability.

Description

Nessus was able to exploit a file disclosure vulnerability in the RequestAccessController servlet on the remote IBM Focal Point install. A remote attacker could leverage this vulnerability to view sensitive files (such as configuration files).

Solution

Apply the appropriate patch per the referenced vendor advisory.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-13-285/

http://www-01.ibm.com/support/docview.wss?uid=swg21654471

Plugin Details

Severity: Low

ID: 72862

File Name: ibm_rational_focalpoint_rac_file_disclosure.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 3/6/2014

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.6

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-5398

Vulnerability Information

CPE: cpe:/a:ibm:rational_focal_point

Required KB Items: www/ibm_rational_focal_point

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 12/13/2013

Vulnerability Publication Date: 12/13/2013

Reference Information

CVE: CVE-2013-5398

BID: 64339