Information Disclosure Vulnerability in IBM Rational AppScan Enterprise
CVE-2012-0735

Currently unrated

Key Information:

Vendor: IBM
Status: Rational Appscan
Vendor: CVE Published:; 3 May 2012

Summary

In IBM Rational AppScan Enterprise versions 5.x and 8.x prior to 8.5.0.1, the application fails to properly scan file: URLs. This vulnerability allows man-in-the-middle attackers to potentially intercept sensitive information by crafting malicious URIs, leading to unauthorized information exposure and possible unknown threats.

References

http://secunia.com/advisories/48967

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/74558

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=swg21592188

x_refsource_CONFIRM

Timeline

Vulnerability published
May 3, 2012
Vulnerability Reserved
Jan 17, 2012