CVE-2012-0744: Infoleak
First published: Fri Aug 17 2012(Updated: )
IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Rational ClearQuest | =7.1.1.1 | |
| IBM Rational ClearQuest | =7.1.1.2 | |
| IBM Rational ClearQuest | =7.1.1.3 | |
| IBM Rational ClearQuest | =7.1.1.4 | |
| IBM Rational ClearQuest | =7.1.1.5 | |
| IBM Rational ClearQuest | =7.1.1.6 | |
| IBM Rational ClearQuest | =7.1.1.7 | |
| IBM Rational ClearQuest | =7.1.1.8 | |
| IBM Rational ClearQuest | =7.1.2 | |
| IBM Rational ClearQuest | =7.1.2.1 | |
| IBM Rational ClearQuest | =7.1.2.2 | |
| IBM Rational ClearQuest | =7.1.2.3 | |
| IBM Rational ClearQuest | =7.1.2.4 | |
| IBM Rational ClearQuest | =7.1.2.5 | |
| IBM Rational ClearQuest | =7.1.2.6 | |
| IBM Rational ClearQuest | =8.0 | |
| IBM Rational ClearQuest | =8.0.0.1 | |
| IBM Rational ClearQuest | =8.0.0.2 | |
| IBM Rational ClearQuest | =8.0.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What are the potential impacts of CVE-2012-0744?
CVE-2012-0744 allows remote attackers to access potentially sensitive information from the affected versions of IBM Rational ClearQuest.
How can I determine if my IBM Rational ClearQuest version is affected by CVE-2012-0744?
You can check if your version falls within the specified ranges, such as 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3.
What steps can I take to mitigate CVE-2012-0744?
To mitigate CVE-2012-0744, apply the appropriate patches provided by IBM for your version of Rational ClearQuest.
Is CVE-2012-0744 being actively exploited in the wild?
While there is no specific data indicating active exploitation of CVE-2012-0744, it is advisable to address vulnerabilities promptly as a security best practice.
Where can I find more information about CVE-2012-0744?
For more information about CVE-2012-0744, you should reference the security advisories provided by IBM.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm rational clearquest
- version/ibm rational clearquest/7.1.1.1
- version/ibm rational clearquest/7.1.1.2
- version/ibm rational clearquest/7.1.1.3
- version/ibm rational clearquest/7.1.1.4
- version/ibm rational clearquest/7.1.1.5
- version/ibm rational clearquest/7.1.1.6
- version/ibm rational clearquest/7.1.1.7
- version/ibm rational clearquest/7.1.1.8
- version/ibm rational clearquest/7.1.2
- version/ibm rational clearquest/7.1.2.1
- version/ibm rational clearquest/7.1.2.2
- version/ibm rational clearquest/7.1.2.3
- version/ibm rational clearquest/7.1.2.4
- version/ibm rational clearquest/7.1.2.5
- version/ibm rational clearquest/7.1.2.6
- version/ibm rational clearquest/8.0
- version/ibm rational clearquest/8.0.0.1
- version/ibm rational clearquest/8.0.0.2
- version/ibm rational clearquest/8.0.0.3