← back
CVE-2013-4093

CVE-2013-4093

EPSS 6.9%
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/25977unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.htmlhttp://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt