Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29391
HistoryMay 10, 2013 - 12:00 a.m.

DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities

2013-05-1000:00:00
vulners.com
58

Title

DDIVRT-2013-53 Actuate 'ActuateJavaComponent' Multiple Vulnerabilities

Severity

High

Date Discovered

March 19, 2013

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: Dennis Lavrinenko, Bobby Lockett, and r@b13$

  1. Actuate 'ActuateJavaComponent' Arbitrary File Retrieval

Vulnerability Description

Actuate 10 contains a vulnerability within the 'ActuateJavaComponent'. This component allows unauthenticated attackers to retrieve arbitrary system files located outside of the web root.

Solution Description

A solution for this security issue is not available at this time. End-users can mitigate this flaw by limiting access to affected systems through the use of access controls.

  1. Actuate 'ActuateJavaComponent' Arbitrary Directory Browsing Vulnerability

Vulnerability Description

Actuate 10 contains an arbitrary directory browsing vulnerability within the 'ActuateJavaComponent'. This vulnerability allows the contents of any drive or directory to be browsed within the web application's interface.

Solution Description

A solution for this security issue is not available at this time. End-users can mitigate this flaw by limiting access to affected systems through the use of access controls.

Tested Systems / Software

Actuate 10 Service Pack 1 Fix 4

Vendor Contact

Vendor Name: Actuate Corporation
Vendor Website: http://www.actuate.com/home/

Current Advisory

http://www.ddifrontline.com/company/SecuritySpotlight/2013/05/u2545