Information Disclosure in IBM Rational Build Forge from HTTP Redirection
CVE-2011-1839
Summary
IBM Rational Build Forge 7.1.0 uses the HTTP GET method for the redirection from the authentication servlet to a PHP script, so the session ID travels in the query string of the redirect URL. A session ID carried in a URL is recorded wherever URLs are recorded: in the web server's access logs, in the Referer header that the browser sends (and the next server logs) when the user follows a link from the landing page, and in the user's browser history. A context-dependent attacker who can read any of those sources obtains a valid session ID and can use it to take over the session without knowing the user's credentials. Using HTTPS does not prevent this, since logs and history store the URL in clear. The general mitigation is to never place session identifiers in URLs (hand the session off in an HttpOnly, Secure cookie or a POST body and redirect to a URL that carries no secret) and to apply the vendor's update for this version.
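The following added example (written for this page, not code from IBM or from Build Forge) models the flaw described above and a detection check an operations team could run over its own logs. The paths `/auth/login` and `/index.php`, the parameter name `session_id`, the host name and the log lines are all constructed assumptions chosen to illustrate the mechanism; the vulnerable redirect puts the session ID in the Location URL, the hardened redirect hands it off in an HttpOnly, Secure cookie, and `leaked_session_ids` scans combined-format access log lines for session-like parameters in either the request URL or the Referer.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical names: the real servlet and PHP script paths are not given on the page.
LANDING_PAGE = "/index.php"
LOGIN_PATH = "/auth/login"


def vulnerable_redirect(session_id, target=LANDING_PAGE):
    """GET-based handoff: the session ID becomes part of the redirect URL."""
    location = f"{target}?{urlencode({'session_id': session_id})}"
    return 302, {"Location": location}


def hardened_redirect(session_id, target=LANDING_PAGE):
    """Cookie-based handoff: the URL carries nothing secret, the cookie is not
    exposed to scripts (HttpOnly) and is only sent over TLS (Secure)."""
    cookie = f"session_id={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"
    return 302, {"Location": target, "Set-Cookie": cookie}


def access_log_line(client, method, url, status, referer="-"):
    """Constructed Apache/nginx 'combined' log line; the full URL (query string
    included) and the Referer header are written verbatim."""
    return (f'{client} - - [01/Jan/2011:00:00:00 +0000] "{method} {url} HTTP/1.1" '
            f'{status} 0 "{referer}" "Mozilla/5.0"')


def simulate(redirect_fn, session_id="c1d2e3f4a5b6"):
    """Constructed flow: login POST, follow the redirect, then click one more page."""
    lines = [access_log_line("10.0.0.7", "POST", LOGIN_PATH, 302)]
    _status, headers = redirect_fn(session_id)
    landing = headers["Location"]
    lines.append(access_log_line("10.0.0.7", "GET", landing, 200))
    # The next click sends the landing URL, query string and all, as the Referer.
    lines.append(access_log_line("10.0.0.7", "GET", "/reports.php", 200,
                                 referer="https://buildforge.example.test" + landing))
    return lines


# Parameter names commonly used to carry session identifiers (extend for your stack).
SENSITIVE_PARAMS = {"session_id", "sessionid", "sid", "phpsessid", "jsessionid", "token"}

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')


def leaked_session_ids(log_lines):
    """Return (line_no, field, param, value) for every session-like parameter
    found in the request URL or the Referer of a combined-format log line."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        for field in ("url", "referer"):
            query = urlsplit(m.group(field)).query
            for param, values in parse_qs(query).items():
                if param.lower() in SENSITIVE_PARAMS:
                    for value in values:
                        findings.append((n, field, param, value))
    return findings


if __name__ == "__main__":
    for name, fn in (("vulnerable", vulnerable_redirect), ("hardened", hardened_redirect)):
        hits = leaked_session_ids(simulate(fn))
        print(f"{name}: {len(hits)} session ID exposure(s) in logs")
        for line_no, field, param, value in hits:
            print(f"  line {line_no}: {param}={value} in {field}")
```

Running the vulnerable flow produces two findings, one from the request URL on the line that follows the redirect and one from the Referer on the next click; the hardened flow produces none, because the Set-Cookie header is not part of any logged URL. The same `leaked_session_ids` function can be pointed at real access logs to find session IDs that have already been exposed and should be invalidated.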