Remote Information Disclosure in IBM Algo Credit Limits (ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5

Remote Information Disclosure in IBM Algo Credit Limits (ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5

CVE-2014-0871 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.

Learn more about our Cis Benchmark Audit For Apache Tomcat.