Vulnerablity Type / Importance: Information Leak / Medium
Problem discovered: January 19th 2006
Vendor contacted: January 19th 2006
Advisory published: February 10th 2006
Abstract:
ieIntegrator is a web application middleware server designed to provide support for large-scale legacy back-end systems to developers of eCommerce and database driven web applications. The server is supported on the Windows NT platform, and includes comprehensive system monitoring and management functions. The ieIntegrator product is produced by IE Systems (http://www.ie.com)
Description:
IRM has discovered an information leakage vulnerability in ieIntegrator that allows remote users to disclose sensitive information about the configuration of the web server.
During exploitation of the vulnerability, the following details are disclosed (non exhaustive list):
-directory path to the integrator application
-the internal port that the integrator application is connected to (local connection)
-web server software type and version (e.g. Microsoft IIS/5.0)
-local internal server IP address (e.g. 10.0.0.15)
-current ASP session cookie name and value (if applicable)
-system username of current IIS user (e.g. IUSR_SOMEDOMAIN)
Technical Details:
The information leakage can be triggered by attempting to execute a non-existent script within the ieIntegrator application directory (‘apps’). If a bespoke error page has not been defined within the configuration file ‘acm.ini’ then a considerable amount of sensitive information is leaked through the debug process within the ieIntegrator web server. A bespoke error message definition is not created with a default installation of ieIntegrator.
An example URL that would trigger the information leakage would be:
http://www.somedomain.com/integrator/apps/lmnfileserver/displaySomthing.aspx
where ‘/integrator/apps’ is the directory for ieIntegrator applications, and ‘/lmnfileserver/displaySomething.aspx’ is a nonexistent local file.
Tested Versions:
Version 4.4.220114
Vendor & Patch Information:
Contact was initially made via the support email system on the ieIntegrator website at www.ie.com. The vendor believes that this issue is not a security vulnerability and refers support queries to the documentation regarding the configuration using the ‘acm.ini’ file.
Workarounds:
A bespoke error message can be specified in the ‘acm.ini’ ieIntegrator configuration file which will then cause the error message to be displayed in place of the default debug information.
Credits:
Research & Advisory: D Scholefield
Disclaimer:
All information in this advisory is provided on an 'as is' basis in the hope that it will be useful. Information Risk Management Plc is not responsible for any risks or occurrences caused by the application of this information.