Computer Security


IBM WebSphere information leakage
Published: 19.07.2013
Source:
SecurityVulns ID: 13210
Type: remote
Threat Level: 4/10
Description: Access token inside URL.
Affected: IBM : WebSphere Commerce Enterprise 5.6
 IBM : WebSphere Commerce Enterprise 6.0
 IBM : WebSphere Commerce Enterprise 7.0
CVE: CVE-2013-0523 (IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.)
Original document: VSR Advisories, [CVE-2013-0523] IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks (19.07.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod