Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2011-1839
Last Modified 02 May 2011 12:00:00
Published 28 Apr 2011 02:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1839

Summary

IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session IDs by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

Vulnerable Systems

Application

  • IBM Rational Build Forge 7.1.0


References

XF - ibm-rational-servlet-info-disclosure(66714)

VUPEN - ADV-2011-0919

AIXAPAR - PM29655


Last Updated: 27 May 2016 10:56:49