CVE-2014-0871

Published: Jul 7, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.

Affected (3)

Products: Ibm: Algo Credit Limits, Algorithmics

2 products

Algo Credit Limits

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ibm Algo Credit Limits	Version 4.5.0
Ibm Algo Credit Limits	Version 4.7.0
Ibm Algorithmics	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html

Source: psirt@us.ibm.com

http://seclists.org/fulldisclosure/2014/Jun/173

Source: psirt@us.ibm.com

http://secunia.com/advisories/59296

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21675881

Source: psirt@us.ibm.com

Vendor Advisory

http://www.securityfocus.com/archive/1/532598/100/0/threaded

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/90945

Source: psirt@us.ibm.com

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt

Source: psirt@us.ibm.com

http://packetstormsecurity.com/files/127304/IBM-Algorithmics-RICOS-Disclosure-XSS-CSRF.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2014/Jun/173

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59296

Source: af854a3a-2127-422b-91ae-364da2661108

http://www-01.ibm.com/support/docview.wss?uid=swg21675881

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/532598/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/90945

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140630-0_IBM_Algorithmics_RICOS_multiple_vulnerabilities_v10.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.