
July 7, 2013

IBM Rational Performance Tester Java API Documentation Frame Injection Vulnerability

A new vulnerability has been found that affects IBM Rational Performance Tester 8.5.0.0 and earlier versions. The type of attack is called clickjacking. This vulnerability allows an attacker to create a malicious link to the documentation that injects arbitrary content into the main frame. The attack does not require any authentication and may be exploited remotely if the HTML network is available.

The impact is a compromise of data integrity.

VULNERABILITY DETAILS:

CVEID: CVE-2013-1571

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84715 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

AFFECTED PRODUCTS AND VERSIONS: 

IBM Rational Performance Tester version 8.5.0.0 and earlier

REMEDIATION: 
Users hosting publicly facing Java API Documentation are strongly encouraged to use Oracle’s Java API Documentation Updater Tool, a repair-in-place tool meant to correct existing documentation.

The Tool is available to all Java users on www.oracle.com/technetwork/java/javase/downloads/
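To find hosted documentation that still needs the repair, the following added example (not code from this advisory, IBM or Oracle) walks a directory tree and lists frame pages that look unrepaired. The script markers it searches for, including the `validURL` check, are assumptions about javadoc-generated frame pages and do not come from this page, and the sample pages are constructed.

```python
import os
import re
import tempfile

# Assumed markers (not stated in the advisory): a javadoc-generated frame page
# copies the URL query string into `targetPage` and loads it into the class
# frame; a repaired page defines a validURL() check before doing so.
READS_QUERY = re.compile(r'targetPage\s*=\s*""\s*\+\s*window\.location\.search')
LOADS_QUERY = re.compile(r"classFrame\.location\s*=\s*top\.targetPage")
HAS_CHECK = re.compile(r"function\s+validURL\s*\(")

def classify(html):
    """Return 'unpatched', 'patched' or 'not-javadoc-frame' for one page."""
    if not (READS_QUERY.search(html) and LOADS_QUERY.search(html)):
        return "not-javadoc-frame"
    return "patched" if HAS_CHECK.search(html) else "unpatched"

def scan(root):
    """Walk root; return sorted '/'-separated paths of unpatched frame pages."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".html", ".htm")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if classify(fh.read()) == "unpatched":
                    hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)

# Constructed sample pages, reduced to the script lines the markers match.
OLD_PAGE = """<script>
targetPage = "" + window.location.search;
function loadFrames() { top.classFrame.location = top.targetPage; }
</script>"""
FIXED_PAGE = OLD_PAGE.replace(
    "function loadFrames",
    "function validURL(url) { /* body omitted in sample */ }\nfunction loadFrames")

def demo():
    """Build a throwaway tree with one old and one repaired page, then scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in (("api/index.html", OLD_PAGE),
                          ("api2/index.html", FIXED_PAGE),
                          ("api/overview.html", "<html></html>")):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)
```

Call `scan()` on the web root that serves the documentation; the result is a triage list for running the updater tool, not a substitute for it.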

Workaround(s):
None

Mitigation(s):
None

REFERENCES:


About NaveenKumar Namachivayam

Hi there! NaveenKumar Namachivayam is a passionate and experienced Performance Test Analyst based in Chicago, USA with skill sets in Manual Testing, Test Automation, Performance Testing, and Test Estimation. He loves to learn and experiment with new trends and models in Software Testing. Please stop by his personal blogs: Excel Blog, DealsBrook, NaveenKumarN.in, Affiliate Insights blog, and Software Testing Memes.
