Remote Code Execution via Key Management in Imperva SecureSphere 9.0.0.5

Remote Code Execution via Key Management in Imperva SecureSphere 9.0.0.5

CVE-2013-4094 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.