BugTraq
Back to list
|
Post reply
BMC-2015-0005: File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting
Sep 23 2015 10:36PM
appsec (appsec bmc com)
------------------------------------------------------------------------
File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy
AR Reporting
BMC Identifier: BMC-2015-0005
CVE Identifier: CVE-2015-5071
------------------------------------------------------------------------
By BMC Application Security, SEP 2015
------------------------------------------------------------------------
Vulnerability summary
------------------------------------------------------------------------
A security vulnerability has been identified in BMC Remedy
AR Reporting.
The vulnerability can be exploited remotely allowing navigation to
any local or remote file.
------------------------------------------------------------------------
CVSS v2.0 Base Metrics
------------------------------------------------------------------------
Reference:
CVE-2015-5071
Base Vector:
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Base Score:
4.0
------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0.
Earlier Versions may also be affected
------------------------------------------------------------------------
Resolution
------------------------------------------------------------------------
A hotfix as well as a workaround are available at
https://kb.bmc.com/infocenter/index?page=content&id=KA429507
------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de
------------------------------------------------------------------------
Reference
------------------------------------------------------------------------
CVE-2015-5071
Information about BMC's corporate procedure for external vulnerability
disclosures is at http://www.bmc.com/security
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2
owGtVm1oHEUYTpqkaVYXrxjyowY7REhM2vvIkdhkY3veHWe5xoZ6F84IFZzbm70b
u7tzzM7eh8WKWI1GFLFRtBVaEaQtpbX40WIgYim0NOAX4g+bYoVYaVMQrZpKK/ru
XRO9/PDX7p+bm5l9P573eR72VbmhblX9+83TJ64tXJ+sn5lP16UaulWvS48sPUh1
gqip6rZFmYkKtm4SjtNUp6IM+6gjEk+MohQlRcI7kEV4QScC2RbJOKeRrVGUIAbJ
lJEshROwzjMuqJmVJdhwTuMZYgqqUcIV57Y3GOjt9wYCgX5ZiqZiNcfwv3rcH9jQ
K0vu9RgpVwoN5/M6VbFw+kwS1ebQ4nqUjG1DTtZKxe7lTNUAadmGgXnZzQRhGEa1
h2VDy2ELpQkxEV3E9v9H5at0Ppojy+Ko2IQ4iJTyOqMCgnBiMEH0MsK6zorwJjJx
gWargAoGQbBZRjpTsY4Yv3UdaUAwSOFm69FUMokKQV8ARbBF0FYiOFUtNzMkiEY4
MVWitFR4+l9eAp+crCmiCsaVFueRpXvDKWXEH44qD/nDtpL0R5Vt/rizo4x0o5al
l5Iq40SRpT5fwF1IwpoG9cCQCoQ7QnYVDYcbmo6L/1JLZaZGOZDJmTspUUssoxgQ
bMDXi7CZQYO+gA+4EcNcB5kDbtUCkYEdJlnMIRm+Vb7LIkwQi+m2w093lZdjQqMl
BGgUia47vxgVGd+BObOhY8yhowKmOk6DuWJR6SonRN5S/P4daV/aUH0qM/zU1JgK
GiUclhlSCuVxlmwEbAVsdtLMxuFwX3AQWOcyLFFOMlS4SpFqSKSB7jPUUhnQsIyY
hkSOWrW+oqCkIPkcmMsozWaJhTTODCQqa++ipfkyxF19LAnaXR+qMQaYURwmyo2q
I+I0s4WjiS4L9MLBbTHYYZ7DyDM2MMTBipRg+Cb4Za31ypIDos4suGchQBAL5PAH
6NNaLBaXCLQI14v17Y119avqVjatcL4O6qQWz+Inw8HNzX/jFevbtvjbd0/0vfbN
OLoZ+Gxfz9p1ezqN2OTlxu7Q6m+vL0wP/zXWOnv84fTF9z49K91/bG//s5+3XYtm
z2/Qfnlg5ezcmpHBo+qXW868ceqTyWc+2Pv9/osvb78QWn2p9NH44+cu3ffxxM7f
fvzzxpkndodeGZLW/Dz/1q5DA2OPep6KHb974YXHhk9emJvYZH94x+YvvuuYPss6
zX13nY73NHad2xk99vw7gaEjL03d1nOAPSIP3LPp3VPGnN3Q6W3+Ou05cf4r7832
t3dtP/THwu308Mmrwde7f9rjx0OHg/vHn2ydOjpzhTb+oF9uGz1wYz4y9ntTk+f0
1JXZmaueN+8M/ZpaS57uan7uYO4f
=XWhq
-----END PGP MESSAGE-----
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
File inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy
AR Reporting
BMC Identifier: BMC-2015-0005
CVE Identifier: CVE-2015-5071
------------------------------------------------------------------------
By BMC Application Security, SEP 2015
------------------------------------------------------------------------
Vulnerability summary
------------------------------------------------------------------------
A security vulnerability has been identified in BMC Remedy
AR Reporting.
The vulnerability can be exploited remotely allowing navigation to
any local or remote file.
------------------------------------------------------------------------
CVSS v2.0 Base Metrics
------------------------------------------------------------------------
Reference:
CVE-2015-5071
Base Vector:
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Base Score:
4.0
------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0.
Earlier Versions may also be affected
------------------------------------------------------------------------
Resolution
------------------------------------------------------------------------
A hotfix as well as a workaround are available at
https://kb.bmc.com/infocenter/index?page=content&id=KA429507
------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de
------------------------------------------------------------------------
Reference
------------------------------------------------------------------------
CVE-2015-5071
Information about BMC's corporate procedure for external vulnerability
disclosures is at http://www.bmc.com/security
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2
owGtVm1oHEUYTpqkaVYXrxjyowY7REhM2vvIkdhkY3veHWe5xoZ6F84IFZzbm70b
u7tzzM7eh8WKWI1GFLFRtBVaEaQtpbX40WIgYim0NOAX4g+bYoVYaVMQrZpKK/ru
XRO9/PDX7p+bm5l9P573eR72VbmhblX9+83TJ64tXJ+sn5lP16UaulWvS48sPUh1
gqip6rZFmYkKtm4SjtNUp6IM+6gjEk+MohQlRcI7kEV4QScC2RbJOKeRrVGUIAbJ
lJEshROwzjMuqJmVJdhwTuMZYgqqUcIV57Y3GOjt9wYCgX5ZiqZiNcfwv3rcH9jQ
K0vu9RgpVwoN5/M6VbFw+kwS1ebQ4nqUjG1DTtZKxe7lTNUAadmGgXnZzQRhGEa1
h2VDy2ELpQkxEV3E9v9H5at0Ppojy+Ko2IQ4iJTyOqMCgnBiMEH0MsK6zorwJjJx
gWargAoGQbBZRjpTsY4Yv3UdaUAwSOFm69FUMokKQV8ARbBF0FYiOFUtNzMkiEY4
MVWitFR4+l9eAp+crCmiCsaVFueRpXvDKWXEH44qD/nDtpL0R5Vt/rizo4x0o5al
l5Iq40SRpT5fwF1IwpoG9cCQCoQ7QnYVDYcbmo6L/1JLZaZGOZDJmTspUUssoxgQ
bMDXi7CZQYO+gA+4EcNcB5kDbtUCkYEdJlnMIRm+Vb7LIkwQi+m2w093lZdjQqMl
BGgUia47vxgVGd+BObOhY8yhowKmOk6DuWJR6SonRN5S/P4daV/aUH0qM/zU1JgK
GiUclhlSCuVxlmwEbAVsdtLMxuFwX3AQWOcyLFFOMlS4SpFqSKSB7jPUUhnQsIyY
hkSOWrW+oqCkIPkcmMsozWaJhTTODCQqa++ipfkyxF19LAnaXR+qMQaYURwmyo2q
I+I0s4WjiS4L9MLBbTHYYZ7DyDM2MMTBipRg+Cb4Za31ypIDos4suGchQBAL5PAH
6NNaLBaXCLQI14v17Y119avqVjatcL4O6qQWz+Inw8HNzX/jFevbtvjbd0/0vfbN
OLoZ+Gxfz9p1ezqN2OTlxu7Q6m+vL0wP/zXWOnv84fTF9z49K91/bG//s5+3XYtm
z2/Qfnlg5ezcmpHBo+qXW868ceqTyWc+2Pv9/osvb78QWn2p9NH44+cu3ffxxM7f
fvzzxpkndodeGZLW/Dz/1q5DA2OPep6KHb974YXHhk9emJvYZH94x+YvvuuYPss6
zX13nY73NHad2xk99vw7gaEjL03d1nOAPSIP3LPp3VPGnN3Q6W3+Ou05cf4r7832
t3dtP/THwu308Mmrwde7f9rjx0OHg/vHn2ydOjpzhTb+oF9uGz1wYz4y9ntTk+f0
1JXZmaueN+8M/ZpaS57uan7uYO4f
=XWhq
-----END PGP MESSAGE-----
[ reply ]