>> IBM Rational ClearQuest Multiple Information Disclosure Vulnerabilities
Title : IBM Rational ClearQuest Multiple Information Disclosure Vulnerabilities VUPEN ID : VUPEN/ADV-2008-0804 CVE ID : CVE-2008-1287 - CVE-2008-1288
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-03-10
Technical Description
Two vulnerabilities have been identified in IBM Rational ClearQuest, which could be exploited by attackers to gain knowledge of sensitive information.
The first issue is caused by an error in login pages when displaying error messages produced by unsuccessful login attempts, which could be exploited to perform scripted username enumeration.
The second weakness is caused by an unspecified error when using certain session cookies, which could be exploited by attackers to disclose information about the user.
The third issue is caused due to the ClearQuest web site's development environment being revealed within the HTML META tags.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
