what you don't know can hurt you

BMC Remedy AR 8.1 / 9.0 File Inclusion

BMC Remedy AR 8.1 / 9.0 File Inclusion
Posted Sep 24, 2015
Authored by Stephan Tigges

A file inclusion vulnerability in the "BIRT Engine" servlet used in BMC Remedy AR Reporting has been discovered. Versions 8.1 and 9.0 are affected.

tags | advisory, file inclusion
advisories | CVE-2015-5072
MD5 | 6041faec0f167a9373bb38e403c9c9e3

BMC Remedy AR 8.1 / 9.0 File Inclusion

Change Mirror Download
Errata:
This is a correction of our previous disclosure email from September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself.
This is NOT the case, but rather the vulnerability is in how the "BIRT Engine" was configured when embedded within the Remedy AR Reporting engine.

------------------------------------------------------------------------
File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting

BMC Identifier: BMC-2015-0006
CVE Identifier: CVE-2015-5072
------------------------------------------------------------------------
By BMC Application Security, SEP 2015

------------------------------------------------------------------------
Vulnerability summary
------------------------------------------------------------------------
A security vulnerability has been identified in BMC Remedy AR Reporting.

The vulnerability can be exploited remotely allowing navigation to any file in the local file system.

------------------------------------------------------------------------
CVSS v2.0 Base Metrics
------------------------------------------------------------------------
Reference:
CVE-2015-5072

Base Vector:
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Base Score:
4.0

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0.
Earlier Versions may also be affected

------------------------------------------------------------------------
Resolution
------------------------------------------------------------------------
A hotfix as well as a workaround are available at

https://kb.bmc.com/infocenter/index?page=content&id=KA429507

------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de

------------------------------------------------------------------------
Reference
------------------------------------------------------------------------
CVE-2015-5072

Information about BMC's corporate procedure for external vulnerability disclosures is at http://www.bmc.com/security

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

owGtVltoHFUY3nhJk4WVthFFiOQYxVZJ9tYktauhbpaULubGblwaH4xnZ8/sHjMz
Zz1zZi/kwYpgsVQsGquttmlsi0HQLu1DHqSxaKsRlVJBqySotUi1qVQNoX0S/zOb
29IqCjMsOzNnzvmv3//9/27Pza6aqtKqyYm5q9dGqj6fTboSt80f7eQcCxzyuPsz
1ETww0hhnBNFUGYgpiJmcZTlJEeZZaIUNRWNmRYniOiYakjlTEdxkhVETxKOght4
qgkF/YFWr8fdu/JklpmCGmlE9axGSQqJDBbwR5BJFItTUUQ5SzMIx0mqybc8sZWx
HOGwO4/BNsPe39gRjfWjTiNNDdIIp3lOIwJRYRJN9S670dPbb29XsEmaUNISCPzM
gIlysVIVtWVnWP4G8qVihRkqTVu2HRliIOlqKiXfqMgsWBUjOkkVUTgGT1nGbVeJ
LQNs8ribHbo87i1UI2CuolmmTFClJwq2TLArWUS6jF3ZbLyYyZWe/bR9/1LswEX7
GLjS0R25kSseN/K45bdoihiCqpTwkNzbLDPd7Pf72zzuSKKz4jO8lz+3+jcGnYxA
R9E2M5wFICll5+ILGGpC8c4+G362xc7pTFSE2bR0HfOikwrC/1QHGchOkgDq6GJs
/y1RXtvv/usgrmADpCBSyGqMChDBic4E0YoIaxrLS7QaOEfT5XAKhrBRRGoZaja+
NaZgrbxiFk2ododhHUnE4ygX9PpRBxQs6iaCU8V0UkOMqEAlhkJCtTZYV4ITQCW1
JoD1GA/VysvjXh9OhHp84Uioyxe2QnFfJNTni8qVUM8DqHbpUBzokgB/tnj9zoYk
rKpgD+QKKFDWuqPRkBBRNZxfxpdNF1yX1MwAKNQU1+PsIW8AkJFCm7x+L+CsE3Pg
cg5xKxuIdCwBZTKJNbxgvsOVGCMm0ywJU2fLL8OESguSC/NE0+QdozzjQ5gzCzzG
0PFwDjoeTkIJYGF7lREia4Z8vqGkN6krXoXpPmqoTIFCJRweU6SwOYvTpB1iK2Dx
fppqfyzcEtwEqHM4LBHoTtAD/4/Ik9P/TShSGV/qxUXZSITssRUEE0JxQbIZYJl+
mk4TszwXCPu5eZHZvCnibIUslbSzTFRBDZClKOSU62VqxEkGowRUxTo5F3CgXSwI
TDmQ9JScimSsSAHSbwBdVnLw8uxUnrMEkvgB+OTz+SX8LMbqxar6W1xVNa7qW2+S
U5rLXbt6cXSbaqtxlepeE2d/e7Aab227eujtcJo/Ezgze+H0QOytvXWvnn3iTM8M
Xjv8/Hz08Z7p839teLJ6rC9wtDQ/MrPqy/F9r98ZRavjXwWMU43m3l3vnRPnjx+q
P7f72Md3szcv71PmN850tfaO/pppuDI4cM/2I8Pr53a+oWin0h92HxifiCrHfhiZ
0tU1j37WcvgSOvh9bu2nY8Nj7ovj6wr55tng++9MbCHHT66ZSuzf/OO9O/uGXnlp
W6l0beCuwOlL73431bPrk/um3Q837YjEny3c8fM3l/0vbz1xcbrK9csj4faG0cnn
PHN/1B1oeKFh9Ip5eNu3g0f2fL3nQtcHg78PafUfnbjd9cXTO0pP/Tnp+hs=
=rUaq
-----END PGP MESSAGE-----
Login or Register to add favorites

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close