Company

Technical Security Consulting

Managing Risk

Research & Development

Forensics

Security Management

Media Centre

PCI DSS

• Home
• Overview
• R&D Services
• Technology Focus
• Messaging Systems Security
• Embedded Systems Security
• Collaborative Research Projects
• Technical Whitepapers
• Research Briefings
• Publicly Released Tools
• Vendor Alerts - 0days
• Security Advisories
• Advisories
• Advisory 028
• Advisory 027
• Advisory 026
• Advisory 025
• Advisory 024
• Advisory 023
• Advisory 022
• Advisory 021
• Advisory 020
• Advisory 019
• Advisory 018
• Advisory 017
• Advisory 016
• Advisory 015
• Advisory 014
• Advisory 013
• Advisory 012
• Advisory 011
• Advisory 010
• Advisory 009
• Advisory 008
• Advisory 007
• Advisory 006
• Advisory 005
• Advisory 004
• Advisory 003
• Advisory 002
• Advisory 001

Advisory 016

ieIntegrator Configuration information disclosure

Vulnerablity Type / Importance: Information Leakage / Medium

Problem discovered: January 19th 2006
Vendor contacted: January 19th 2006
Advisory published: February 10th 2006
----------------------------------------------------------------------

Abstract:

ieIntegrator is a web application middleware server designed to provide support for
large-scale legacy back-end systems to developers of eCommerce and database driven
web applications. The server is supported on the Windows NT platform, and includes
comprehensive system monitoring and management functions. The ieIntegrator product is
produced by IE Systems (http://www.ie.com)

Description:

IRM has discovered an information leakage vulnerability in ieIntegrator that
allows remote users to disclose sensitive information about the configuration of
the web server.

During exploitation of the vulnerability, the following details are disclosed (non exhaustive list):

-directory path to the integrator application
-the internal port that the integrator application is connected to (local connection)
-web server software type and version (e.g. Microsoft IIS/5.0)
-local internal server IP address (e.g. 10.0.0.15)
-current ASP session cookie name and value (if applicable)
-system username of current IIS user (e.g. IUSR_SOMEDOMAIN)

Technical Details:

The information leakage can be triggered by attempting to execute a non-existent
Script within the ieIntegrator application directory (‘apps’). If a bespoke error
page has not been defined within the configuration file ‘acm.ini’ then a considerable
amount of sensitive information is leaked through the debug process within the
ieIntegrator web server. A bespoke error message definition is not created with a
default installation of ieIntegrator.

An example URL that would trigger the information leakage would be:

http://www.somedomain.com/integrator/apps/lmnfileserver/displaySomthing.aspx

where ‘/integrator/apps’ is the directory for ieIntegrator applications, and
‘/lmnfileserver/displaySomething.aspx’ is a nonexistent local file.

Tested Versions:

Version 4.4.220114

Vendor & Patch Information:

Contact was initially made via the support email system on the ieIntegrator website at
www.ie.com. The vendor believes that this issue is not a security vulnerability and
refers support queries to the documentation regarding the configuration using the
‘acm.ini’ file.

Workarounds:

A bespoke error message can be specified in the ‘acm.ini’ ieIntegrator configuration
file which will then cause the error message to be displayed in place of the default
debug information.

Credits:

Research & Advisory: D Scholefield

Disclaimer:

All information in this advisory is provided on an 'as is'
basis in the hope that it will be useful. Information Risk Management
Plc is not responsible for any risks or occurrences caused
by the application of this information.