CVE-2014-0871
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.
Affected products
n/a · n/a
public PoCs found — 2
cve_reference: packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html (unverified)
exploitdb: www.exploit-db.com/exploits/33942 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html
http://seclists.org/fulldisclosure/2014/Jun/173
http://secunia.com/advisories/59296
https://exchange.xforce.ibmcloud.com/vulnerabilities/90945
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt
http://www-01.ibm.com/support/docview.wss?uid=swg21675881
http://www.securityfocus.com/archive/1/532598/100/0/threaded