
Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting

Published 2015-10-26 00:00:00 via vulners.com (SECURITYVULNS:DOC:32619)


Errata:
This is a correction of our previous disclosure email from September 23rd, 2015.
Our previous posting implied that the security vulnerability we discovered was in the "BIRT Engine" servlet itself.
This is NOT the case, but rather the vulnerability is in how the "BIRT Engine" was configured when embedded within the Remedy AR Reporting engine.


File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting

BMC Identifier: BMC-2015-0006
CVE Identifier: CVE-2015-5072

By BMC Application Security, SEP 2015


Vulnerability summary

A security vulnerability has been identified in BMC Remedy AR Reporting.

The vulnerability can be exploited remotely, allowing navigation to any file in the local file system.


CVSS v2.0 Base Metrics

Reference:
CVE-2015-5072

Base Vector:
(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Base Score:
4.0


Affected versions

The flaw has been confirmed to exist in BMC Remedy AR 8.1 and 9.0.
Earlier versions may also be affected.


Resolution

A hotfix and a workaround are available at

https://kb.bmc.com/infocenter/index?page=content&id=KA429507


Credits

Credit for discovery of this vulnerability: Stephan Tigges from tigges-security.de


Reference

CVE-2015-5072

Information about BMC's corporate procedure for external vulnerability disclosures is at http://www.bmc.com/security
