what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

BMC Remedy AR 8.1 / 9.0 File Inclusion

BMC Remedy AR 8.1 / 9.0 File Inclusion
Posted Sep 24, 2015
Authored by Stephan Tigges

A file inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting has been discovered. Versions 8.1 and 9.0 are affected.

tags | advisory, file inclusion
advisories | CVE-2015-5071
SHA-256 | 257cc0fd068f03a307cbab920950a5dbba966d365015b81a1f67198b1529af6a
Download | Favorite | View

BMC Remedy AR 8.1 / 9.0 File Inclusion

Change Mirror Download
Errata:
This is a correction of our previous disclosure email from September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was in the "BIRT Viewer" servlet itself.
This is NOT the case, but rather the vulnerability is in how the "BIRT Viewer" was configured when embedded within the Remedy AR Reporting engine.

------------------------------------------------------------------------
File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting
 
BMC Identifier: BMC-2015-0005
CVE Identifier: CVE-2015-5071
------------------------------------------------------------------------
By BMC Application Security, SEP 2015
 
------------------------------------------------------------------------
Vulnerability summary
------------------------------------------------------------------------
A security vulnerability has been identified in BMC Remedy AR Reporting.
 
The vulnerability can be exploited remotely allowing navigation to any local or remote file.

------------------------------------------------------------------------
CVSS v2.0 Base Metrics
------------------------------------------------------------------------
Reference:  
CVE-2015-5071

Base Vector:          
(AV:N/AC:L/Au:S/C:P/I:N/A:N)   

Base Score:
4.0

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0. 
Earlier Versions may also be affected
 
------------------------------------------------------------------------
Resolution
------------------------------------------------------------------------
A hotfix as well as a workaround are available at
 
https://kb.bmc.com/infocenter/index?page=content&id=KA429507
 
------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de

------------------------------------------------------------------------
Reference
------------------------------------------------------------------------
CVE-2015-5071
 
Information about BMC's corporate procedure for external vulnerability disclosures is at http://www.bmc.com/security

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

owGtVl1sFFUUbkVadnErfSCm2sTbxiiadnfbUoHld7tpSdEW7K4bwwN6d/bOzqUz
c4c7d/bHBDEqEjElTSCm2iYWIyYqJsqD1QS0iSb+NBEfKMRogjzQaoQYQGhNNXru
bH/YUHkws9nszs+995zvnO985/QHlpQtK/+w8rORa1PTR8rHfkuVJav+GG7nHAsc
CfgTGrURfDFSGOdEEZSZiKmIORxZnGQpc2yUpraiM9vhBBEDUx2pnBkoTixBjBTh
qLmFpxtQc7ipNRjwb795p8VsQc0MooalU5JGQsMCfgiyieJwKgoo6+gm4ThFdXmX
I64xliUcVucw+Ga66+vbOnsSKElJjvB62M2zOhGICpvoanABRvf2hLtcwTZpQClH
IMCpgYvyYakp6p6tsdwi50vDCjNVmnFcPzRiIgk1nZZ3VGizXvUQg6QLKNoDVxbj
LlRiZqhJwKeAv9GjT8DfQXUC7iq6Y8sElSJRsGODX6kCMmTsim7juUwuHjkA6G4C
IG1dscWABPwo4JfvOtPEFFSlhEfk2kaZ58ZwONwa8MeS7SWv4b74ujW8pslL/G0F
182oBTRSitDiswxqQPH2HS75XI+9s5ksCbLtGAbmBS8NRP+rCjTITooA5+hcbG+X
qKCLO3ELwRVswimI5C2dUQFHcGIwQfQCwrrOcpKrJs7STDGcgiFsFpDOFKwjxmcX
IxWI5zGXY8l4HGWbg2HUBlWKuojgVLG9tNBDVNAPUyERn8vRmzkJXJJWkyB1jEd8
8hPwr4omI92haCzyeCjqROKhWGRHqFM+iXQ/jHzzm+KgkQREc3Uw7G1IoqoK/kCK
QPdkgXsaDckMVce5BVq5GsENqccM+EFtcSu91gabgBBptC4YDgK92jEHAecQt6KD
yMCSRzaTFMOz7ntcgD3EZroj2elt1WlMqDQvJTBHdF3+Y5RjvBdz5gBiDG0OZ6HN
4RSILhYuKk0Iy46EQr2pYMpQggozQtRUmQL1SThcpkl+s4UzZCPEVsDDB2l642PR
1c3rgHUehyUGLQka3/88cvT72xyKVKj8uQZckN1DyMZaoisRFBfE0kBcEjSTIXZx
GBDudeOcoAXTxNsKmS9pb5WoRBogS52QU24UFRGnGMwPUBUPyWGAg9piEESLQ9LT
chSSsSJ5SL8JilkqvQsDU3G4EkjyB+iTy+Xm+TMXq1fKa+8sK19WVrH0Djmalfl9
K+bmtcpLlX/XXD778eZfp8atTV+vf/Tt6OH6+7SD08vReHKr1fZP38y+mhhe8bmz
b7Isf6ql+sfmUyd2PlB3dejuqsKWJZ2T4rgyeWX5kaN7jl2Ywf17Pynw4f1btefw
9RtPTo9Wf9OnqfTpZ34a6K8des1ceXFnQ4P95eCa6OHkR+ef3/XqhqqGGxcnaw6s
P7/trqmJex/ZPXgl+sSJgauf1isvaC93vH/8hxd/EResserBk11r79l2SHljwyHf
75d3V1QfuNRy9iut4qX7ExP52Mh3b53sGLr+xbWx02eG2dFVfx1b2pt809eXPzh+
bvRM3f5MU8XPtROtozO73n1n5bPvVW2pe33kqT+Hzw2c/mDvpm/3/As=
=tfHh
-----END PGP MESSAGE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close