Showing 1 - 1 of 1

CVE-2013-0523

Status Candidate

Overview

IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a padding oracle attack that targets certain UTF-8 processing of the krypto parameter, and leverages unspecified browser access or traffic-log access.

Related Files

IBM WebSphere Commerce Padding Oracle Attacks: Posted Jun 19, 2013; Authored by George D. Gal, Timothy D. Morgan | Site vsecurity.com; In February 2013, VSR identified a vulnerability in the IBM WebSphere Commerce framework which could allow an attacker to tamper with values stored in the "krypto" URL parameter. This parameter is encrypted with a block cipher without any independent integrity protection. This, combined with observed application behavior, allows for padding oracle attacks which can be used to decrypt the krypto token and forge new tokens with arbitrary embedded parameters.; tags | advisory, arbitrary; advisories | CVE-2013-0523; SHA-256 | 5998d6a975a57dc3921286cababdc5aa780a65141183d9726f3d8938c1392707; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 167 files
Ubuntu 107 files
indoushka 53 files
Debian 22 files
nu11secur1ty 18 files
Apple 13 files
Google Security Research 7 files
Gentoo 7 files
CraCkEr 6 files
LiquidWorm 4 files

File Archives

Systems

AIX (428)
Apple (2,016)
BSD (374)
CentOS (57)
Cisco (1,925)
Debian (6,844)
Fedora (1,692)
FreeBSD (1,245)
Gentoo (4,329)
HPUX (879)
iOS (355)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,826)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,921)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,946)
UNIX (9,317)
UnixWare (186)
Windows (6,589)
Other

CVE-2013-0523

Overview

Related Files

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems