Vulnerability Description
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Imperva | Securesphere | 9.0.0.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Mana
- http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt
- http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Mana
- http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt
FAQ
What is CVE-2013-4094?
CVE-2013-4094 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) priva...
How severe is CVE-2013-4094?
CVE-2013-4094 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4094?
Check the references section above for vendor advisories and patch information. Affected products include: Imperva Securesphere.