Computer Security

IBM WebSphere information leakage
SecurityVulns ID: 13210
Threat Level:
Description: Access token inside URL.
Affected: IBM : WebSphere Commerce Enterprise 5.6
 IBM : WebSphere Commerce Enterprise 6.0
 IBM : WebSphere Commerce Enterprise 7.0
CVE: CVE-2013-0523 (IBM WebSphere Commerce Enterprise 5.6.x through, 6.0.x through, and 7.0.x through does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.)
Original document: VSR Advisories, [CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks (19.07.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod