CVE-2008-1287

Properties

Published:
10.03.2008
Updated:
20.03.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Product:
IBM: Rational ClearQuest
IBM: Rational ClearQuest

Vulnerability description

IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

References:

AIXAPAR: http://www-1.ibm.com/support/docview.wss?uid=swg1PK55561
BID: http://www.securityfocus.com/bid/28132
FRSIRT: http://www.frsirt.com/english/advisories/2008/0804/references
SECUNIA: http://secunia.com/advisories/29280
XF: http://xforce.iss.net/xforce/xfdb/41042
SECTRACK: http://www.securitytracker.com/id?1019566