what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Brava! Enterprise / Server 16.4 Information Disclosure

Brava! Enterprise / Server 16.4 Information Disclosure
Posted Nov 1, 2018
Authored by Luke Bailiff

Brava! Enterprise and Server components versions 7.5 through 16.4 suffer from a sensitive data exposure vulnerability due to weak permissions.

tags | exploit, info disclosure
SHA-256 | 22ddcecdf678369fce4fd0eec120348fb5cd6c405de17d297ede0c2e352fb5d9

Brava! Enterprise / Server 16.4 Information Disclosure

Change Mirror Download
Vulnerable Application:  Brava! Enterprise and Brava! Server Components

Affected Versions: Brava! Enterprise and Brava! Server Components have this as the default configuration, from Brava! 7.5 to the latest Brava! 16.4 on Windows.

Not Affected Versions: Linux installs do not automatically create the share.

Potential Security Impact: Sensitive Data Exposure

If the files within your implementation are sensitive, this may expose sensitive data to unauthorized users. Limiting SMB access will help mitigate this vulnerability as well.

Since the default permissions allow for modify access of the files, there is some potential against the integrity of the file as the user is viewing it, but this has not been explored.


Vulnerability Description: During the installation of Brava! Enterprise and Brava! Server Components, a file share is created on the windows server called "displaylistcache" with full read and write permissions for the everyone group at both the NTFS and Share levels. The share is used to retrieve documents for processing, and to store processed documents for display in the browser. This is the default behavior of the install. The only required share level access is read/write by the JobProcessor service account. At the local filesystem level, the only additional required permissions would be read/write from the servlet engine (typically Tomcat). The affected server components are not installed with Content Server by default, and must be installed separately.


Remediation: Review your OpenText install to see if you are affected. If affected, update permissions on the displaylistcache share and local level to allow only the servlet engine (typically tomcat) and the JobProcessor service accounts access.

Vendor declined to update the installer behavior, but has updated their documentation.

Vendor comment:
Our default Brava! Enterprise/Brava! Server Components installer is intended to be used as a starting point for implementation within your environment. We do provide guidelines within our documentation on how to harden the Brava! Enterprise web application/server and expect that the documentation be reviewed during installation and configuration. Our documentation does include information on the requirements of the displaylistcache share, but because each customer will have different infrastructure-based considerations, which would be overwhelming to thoroughly document, we only offer general guidance. We continually evaluate our documentation over time and lately have updated our "Security Considerations" documentation to add more clarity around the requirements of a displaylistcache configuration.
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    18 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    6 Files
  • 28
    May 28th
    12 Files
  • 29
    May 29th
    31 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close