lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201305091717.r49HHv0A014204@sf01web3.securityfocus.com>
Date: Thu, 9 May 2013 17:17:57 GMT
From: ddivulnalert@...frontline.com
To: bugtraq@...urityfocus.com
Subject: DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple
 Vulnerabilities

Title
-----
DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities

Severity
--------
High

Date Discovered
---------------
March 19, 2013

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Dennis Lavrinenko, Bobby Lockett, and r@...$

1. Actuate 'ActuateJavaComponent' Arbitrary File Retrieval

Vulnerability Description
-------------------------
Actuate 10 contains a vulnerability within the 'ActuateJavaComponent'. This component allows unauthenticated attackers to retrieve arbitrary system files located outside of the web root.

Solution Description
--------------------
A solution for this security issue is not available at this time. End-users can mitigate this flaw by limiting access to affected systems through the use of access controls.

2. Actuate 'ActuateJavaComponent' Arbitrary Directory Browsing Vulnerability

Vulnerability Description
-------------------------
Actuate 10 contains an arbitrary directory browsing vulnerability within the 'ActuateJavaComponent'. This vulnerability allows the contents of any drive or directory to be browsed within the web application's interface.

Solution Description
--------------------
A solution for this security issue is not available at this time. End-users can mitigate this flaw by limiting access to affected systems through the use of access controls.

Tested Systems / Software
-------------------------
Actuate 10 Service Pack 1 Fix 4

Vendor Contact
--------------
Vendor Name: Actuate Corporation
Vendor Website: http://www.actuate.com/home/

Current Advisory
--------------
http://www.ddifrontline.com/company/SecuritySpotlight/2013/05/u2545

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ