[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting



Errata:
This is a correction of our previous disclosure email from September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was in the "BIRT Viewer" servlet itself.
This is NOT the case, but rather the vulnerability is in how the "BIRT Viewer" was configured when embedded within the Remedy AR Reporting engine.

------------------------------------------------------------------------
File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting
 
BMC Identifier: BMC-2015-0005
CVE Identifier: CVE-2015-5071
------------------------------------------------------------------------
By BMC Application Security, SEP 2015
 
------------------------------------------------------------------------
Vulnerability summary
------------------------------------------------------------------------
A security vulnerability has been identified in BMC Remedy AR Reporting.
 
The vulnerability can be exploited remotely allowing navigation to any local or remote file.

------------------------------------------------------------------------
CVSS v2.0 Base Metrics
------------------------------------------------------------------------
Reference:	
CVE-2015-5071

Base Vector:					
(AV:N/AC:L/Au:S/C:P/I:N/A:N) 	

Base Score:
4.0

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0. 
Earlier Versions may also be affected
 
------------------------------------------------------------------------
Resolution
------------------------------------------------------------------------
A hotfix as well as a workaround are available at
 
https://kb.bmc.com/infocenter/index?page=content&id=KA429507
 
------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de

------------------------------------------------------------------------
Reference
------------------------------------------------------------------------
CVE-2015-5071
 
Information about BMC's corporate procedure for external vulnerability disclosures is at http://www.bmc.com/security

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

owGtVl1sFFUUbkVadnErfSCm2sTbxiiadnfbUoHld7tpSdEW7K4bwwN6d/bOzqUz
c4c7d/bHBDEqEjElTSCm2iYWIyYqJsqD1QS0iSb+NBEfKMRogjzQaoQYQGhNNXru
bH/YUHkws9nszs+995zvnO985/QHlpQtK/+w8rORa1PTR8rHfkuVJav+GG7nHAsc
CfgTGrURfDFSGOdEEZSZiKmIORxZnGQpc2yUpraiM9vhBBEDUx2pnBkoTixBjBTh
qLmFpxtQc7ipNRjwb795p8VsQc0MooalU5JGQsMCfgiyieJwKgoo6+gm4ThFdXmX
I64xliUcVucw+Ga66+vbOnsSKElJjvB62M2zOhGICpvoanABRvf2hLtcwTZpQClH
IMCpgYvyYakp6p6tsdwi50vDCjNVmnFcPzRiIgk1nZZ3VGizXvUQg6QLKNoDVxbj
LlRiZqhJwKeAv9GjT8DfQXUC7iq6Y8sElSJRsGODX6kCMmTsim7juUwuHjkA6G4C
IG1dscWABPwo4JfvOtPEFFSlhEfk2kaZ58ZwONwa8MeS7SWv4b74ujW8pslL/G0F
182oBTRSitDiswxqQPH2HS75XI+9s5ksCbLtGAbmBS8NRP+rCjTITooA5+hcbG+X
qKCLO3ELwRVswimI5C2dUQFHcGIwQfQCwrrOcpKrJs7STDGcgiFsFpDOFKwjxmcX
IxWI5zGXY8l4HGWbg2HUBlWKuojgVLG9tNBDVNAPUyERn8vRmzkJXJJWkyB1jEd8
8hPwr4omI92haCzyeCjqROKhWGRHqFM+iXQ/jHzzm+KgkQREc3Uw7G1IoqoK/kCK
QPdkgXsaDckMVce5BVq5GsENqccM+EFtcSu91gabgBBptC4YDgK92jEHAecQt6KD
yMCSRzaTFMOz7ntcgD3EZroj2elt1WlMqDQvJTBHdF3+Y5RjvBdz5gBiDG0OZ6HN
4RSILhYuKk0Iy46EQr2pYMpQggozQtRUmQL1SThcpkl+s4UzZCPEVsDDB2l642PR
1c3rgHUehyUGLQka3/88cvT72xyKVKj8uQZckN1DyMZaoisRFBfE0kBcEjSTIXZx
GBDudeOcoAXTxNsKmS9pb5WoRBogS52QU24UFRGnGMwPUBUPyWGAg9piEESLQ9LT
chSSsSJ5SL8JilkqvQsDU3G4EkjyB+iTy+Xm+TMXq1fKa+8sK19WVrH0Djmalfl9
K+bmtcpLlX/XXD778eZfp8atTV+vf/Tt6OH6+7SD08vReHKr1fZP38y+mhhe8bmz
b7Isf6ql+sfmUyd2PlB3dejuqsKWJZ2T4rgyeWX5kaN7jl2Ywf17Pynw4f1btefw
9RtPTo9Wf9OnqfTpZ34a6K8des1ceXFnQ4P95eCa6OHkR+ef3/XqhqqGGxcnaw6s
P7/trqmJex/ZPXgl+sSJgauf1isvaC93vH/8hxd/EResserBk11r79l2SHljwyHf
75d3V1QfuNRy9iut4qX7ExP52Mh3b53sGLr+xbWx02eG2dFVfx1b2pt809eXPzh+
bvRM3f5MU8XPtROtozO73n1n5bPvVW2pe33kqT+Hzw2c/mDvpm/3/As=
=tfHh
-----END PGP MESSAGE-----