Security Bulletin: Information disclosure vulnerability in IBM Security AppScan Standard (CVE-2013-0510)
IBM PSIRT 270004PFE3 | Tags: psirtsecurity psirtmedium
One of the AppScan Standard security tests inadvertently forwards session cookies to a hardcoded, IBM-owned external server. A man-in-the-middle attack or a compromise of that external server could reveal the cookie values, which in turn could allow takeover of the test account used for scanning. Specific knowledge of AppScan Standard is necessary to conduct the attack. The attack can be conducted over the Internet. No authentication is required for the attack.
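As an added, defender-side example (not part of this bulletin and not IBM code): a check that reads egress-proxy log lines recorded for the host running the scanner and flags any request that carries the test account's session cookie to a host outside the scan's target scope, which is the traffic pattern this bulletin describes. The log line format, the host names and the cookie name are assumptions, and the sample log is constructed.

```python
import re
from urllib.parse import urlsplit

# Constructed egress-proxy log lines (assumed format, not from the bulletin):
# method, requested URL, and the Cookie header the scanner host sent.
SAMPLE_LOG = """\
GET https://app.example.test/login Cookie: JSESSIONID=abc123; theme=dark
POST https://app.example.test/account Cookie: JSESSIONID=abc123
GET https://collector.vendor-placeholder.example/ping Cookie: JSESSIONID=abc123
GET https://cdn.other.example/lib.js Cookie: -
"""

LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<url>\S+) Cookie: (?P<cookies>.*)$")


def parse_cookies(raw):
    """Return {name: value} for a Cookie header; '-' or empty means no cookies."""
    if raw.strip() in ("", "-"):
        return {}
    pairs = (p.strip().split("=", 1) for p in raw.split(";") if "=" in p)
    return {name: value for name, value in pairs}


def find_cookie_leaks(log_text, in_scope_hosts, session_cookie_names):
    """Flag requests that send a session cookie to a host outside the scan scope.

    in_scope_hosts: hostnames the scan is authorised to talk to.
    session_cookie_names: cookie names that identify the test account's session.
    Returns a list of (url, cookie_name) tuples, one per leaked session cookie.
    """
    leaks = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that do not follow the assumed format
        host = urlsplit(match.group("url")).hostname
        if host in in_scope_hosts:
            continue  # cookies sent to the scanned application are expected
        for name in parse_cookies(match.group("cookies")):
            if name in session_cookie_names:
                leaks.append((match.group("url"), name))
    return leaks


if __name__ == "__main__":
    for url, name in find_cookie_leaks(SAMPLE_LOG, {"app.example.test"}, {"JSESSIONID"}):
        print(f"session cookie {name} sent out of scope to {url}")
```

Any hit is a reason to invalidate the test account's session immediately after the scan and to confine the scanner's egress to the in-scope hosts.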
Affected product(s) & Affected version(s):
· Versions 8.6 through 22.214.171.124 of Security AppScan Standard running on Microsoft Windows
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21631303
X-Force Database: http://xforce.iss.net/xforce/xfdb/82592