IBM Rational Quality Manager and Test Lab Manager Policy Bypass
Added: 11/05/2010CVE: CVE-2010-4094
BID: 44172
Background
IBM Rational Quality Manager is a web-based centralized test management environment for test planning, workflow control, tracking and metrics reporting. IBM Rational Quality Manager incorporates Apache Tomcat 5 to help serve custom web applications.IBM Rational Test Lab Manager integrates fully with Rational Quality Manager and helps to improve the efficiency of the test lab and optimize how resources are requested and provided.
Problem
An unauthorized file upload vulnerability exists in IBM Rational Quality Manager. IBM Rational Quality Manager generates credentials for a default user/password combination in Apache Tomcat. A remote attacker can leverage this vulnerability by sending a crafted HTTP request using the default credentials. Once authenticated, the attacker can upload a malicious web application to a vulnerable system.Resolution
Download the fix for IBM Rational Quality Manager 2.0.1 from IBM.References
http://www.zerodayinitiative.com/advisories/ZDI-10-214/Limitations
Exploit works on IBM Rational Quality Manager 2.0.1 on Microsoft Windows Server 2003 and Windows Server 2008.It may take longer than usual to establish the connection after successful exploitation because it takes time for the affected server to deploy the malicious WAR file.
Platforms
WindowsBack to exploit index