Vulnerability Name:

CVE-2013-0599 (CCN-83613)

Assigned:2012-12-16
Published:2013-05-21
Updated:2017-08-29
Summary:IBM Eclipse Help System (IEHS), as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP status code.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2013-0599

Source: CCN
Type: SA52700
IBM Rational Rhapsody and Rational Rhapsody Design Manager Eclipse Help System Security Issue

Source: CCN
Type: SA53527
IBM Rational Directory Server Help Files System Debug Information Disclosure Security Issue

Source: CCN
Type: SA53665
IBM Rational Software Architect Design Manager Eclipse Help System Security Issue

Source: CCN
Type: SA53774
IBM Rational Software Architect Design Manager Eclipse Help System Security Issue

Source: CCN
Type: SA53879
IBM Rational ClearQuest Eclipse Help System Weakness and Security Issue

Source: CCN
Type: SA53887
IBM Rational ClearQuest Eclipse Help System Weakness and Security Issue

Source: CCN
Type: SA54177
IBM Content Manager Enterprise Edition Eclipse Help System Multiple Vulnerabilities

Source: CCN
Type: SA54468
IBM InfoSphere Streams Help System Debug Information Disclosure Security Issue

Source: CCN
Type: SA54470
IBM InfoSphere Identity Insight Help System Debug Information Disclosure Security Issue

Source: CCN
Type: IBM Security Bulletin 1637151
Vulnerability in Rational Directory Server help files system with potential for debug info in error message (CVE-2013-0599)

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21637151

Source: CCN
Type: IBM Security Bulletin 1639112
Vulnerability in Rational Rhapsody Help System (CVE-2013-0599), affecting Rational Rhapsody and Rational Rhapsody Design Manager

Source: CCN
Type: IBM Security Bulletin 1639333
Vulnerability in Rational Software Architect Design Manager (CVE-2013-0599)

Source: CCN
Type: IBM Security Bulletin 1639856
Vulnerabilities in IBM Rational Insight's Help System (CVE-2013-0464, CVE-2013-0467 & CVE-2013-0599)

Source: CCN
Type: IBM Security Bulletin 1640017
Vulnerability in Rational Engineering Lifecycle Manager information center (CVE-2013-0599)

Source: CCN
Type: IBM Security Bulletin 1640194
The IBM Data Studio Help System may display debug information if an input parameter is out of range

Source: CCN
Type: IBM Security Bulletin 1640616
IBM OmniFind Enterprise Edition and IBM Content Analytics (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467)

Source: CCN
Type: IBM Security Bulletin 1640654
Vulnerability in IBM Rational ClearQuest Help System (CVE-2013-0467 & CVE-2013-0599)

Source: CCN
Type: IBM Security Bulletin 1645446
IBM Connections Security Refresh of IBM Eclipse Help System (CVE-2013-0599)

Source: CCN
Type: IBM Security Bulletin 1646278
The embedded help system in IBM InfoSphere Streams contains a potential vulnerability (CVE-2013-0599)

Source: CCN
Type: IBM Security Bulletin 1649711
Vulnerabilities in IBM Rational Synergy's Help System (CVE-2013-0464, CVE-2013-0467 & CVE-2013-0599)

Source: CCN
Type: IBM Security Bulletin 1651414
Multiple security vulnerabilities in IEHS

Source: CCN
Type: IBM Security Bulletin 1651947
Multiple IBM Eclipse Help System (IEHS) vulnerabilities used in IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed (CVE-2013-0599, CVE-2013-0464, CVE-2013-0467)

Source: CCN
Type: IBM Security Bulletin 1662870
Multiple security vulnerabilities exist in WebSphere Transformation Extender (CVE-2013-5802 CVE-2013-4002 CVE-2013-5825 CVE-2013-5372 CVE-2013-0599 CVE-2013-0464 CVE-2013-0467 CVE-2013-2962 CVE-2013-2415)

Source: CCN
Type: IBM Security Bulletin 1670298
Multiple security vulnerabilities exist in IBM InfoSphere Data Click 10.0 (CVE-2013-3034 CVE-2013-3040 CVE-2013-0599 CVE-2013-4057 CVE-2013-4058 CVE-2013-4059 CVE-2013-4066 CVE-2013-4067)

Source: CCN
Type: IBM Security Bulletin 1670753
Fix available for security vulnerabilities related to IEHS in IBM WebSphere Portal (multiple CVEs)

Source: CCN
Type: IBM Security Bulletin 1681229
Fix available for security vulnerabilities related to IEHS in IBM Sametime Meetings and Proxy version 9 (multiple CVEs)

Source: BID
Type: UNKNOWN
60107

Source: CCN
Type: BID-60107
IBM Rational Directory Server CVE-2013-0599 Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
iehs-cve20130599-info-disclosure(83613)

Source: XF
Type: UNKNOWN
ibm-iehs-cve20130599-info-disclosure(83613)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ibm:rational_directory_server:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:*:*:*:*:*:*:*:* (Version <= 5.1.1.2)

Configuration 2:
  • cpe:/a:ibm:rational_directory_server:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:*:*:*:*:*:*:*:* (Version <= 5.2.1)

Configuration CCN 1:
  • cpe:/a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:eclipse_help_system:3.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.1.0.2:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:rational_clearquest:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearquest:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:data_studio:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:4.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_directory_server:5.1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_insight:1.1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_engineering_lifecycle_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_engineering_lifecycle_manager:1.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:3.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.0.4::file_transfer:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_mq:7.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:license_metric_tool:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_asset_discovery_for_distributed:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:3.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:3.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:3.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:connections:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:9.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sametime:9.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_portal:6.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm rational directory server 5.1.1
    ibm rational directory server 5.1.1.1
    ibm rational directory server *
    ibm rational directory server 5.2
    ibm rational directory server 5.2.0.1
    ibm rational directory server 5.2.0.2
    ibm rational directory server *
    ibm websphere mq 7.0
    ibm websphere mq 7.0.0.1
    ibm websphere mq 7.0.0.2
    ibm websphere mq 7.0.1.1
    ibm websphere mq 7.0.1.2
    ibm websphere mq 7.0.1.3
    ibm websphere mq 7.0.1.4
    ibm websphere mq 7.1
    ibm websphere mq 7.5
    ibm eclipse help system 3.4.3
    ibm websphere mq 7.5.0.1
    ibm websphere mq 7.1.0.1
    ibm websphere mq 7.1.0.2
    ibm rational clearquest 7.1
    ibm websphere portal 7.0
    ibm rational clearquest 8.0
    ibm websphere portal 8.0
    ibm rational directory server 5.2
    ibm data studio 3.1.1
    ibm connections 4.5
    ibm rational directory server 5.2.0.1
    ibm rational directory server 5.2.0.2
    ibm rational directory server 5.2.1
    ibm rational directory server 5.1.1
    ibm rational directory server 5.1.1.1
    ibm rational directory server 5.1.1.2
    ibm rational insight 1.1.1.5
    ibm rational insight 1.1.1.5
    ibm rational engineering lifecycle manager 1.0
    ibm rational engineering lifecycle manager 1.0.0.1
    ibm rational software architect design manager 3.0
    ibm rational software architect design manager 3.0.0.1
    ibm rational software architect design manager 3.0.1
    ibm rational software architect design manager 4.0
    ibm rational software architect design manager 4.0.1
    ibm rational software architect design manager 4.0.2
    ibm websphere mq 7.0.1
    ibm websphere mq 7.0.1.5
    ibm websphere mq 7.0.1.6
    ibm websphere mq 7.0.1.8
    ibm websphere mq 7.0.1.7
    ibm websphere mq 7.0.1.9
    ibm websphere mq 7.0.1.10
    ibm websphere mq 7.0.4
    ibm websphere mq 7.5.0.2
    ibm websphere mq 7.1.0.3
    ibm license metric tool 7.5
    ibm tivoli asset discovery for distributed 7.5
    ibm connections 3.0.0.0
    ibm connections 3.0.1.0
    ibm connections 3.0.1.1
    ibm connections 4.0
    ibm sametime 9.0.0.0
    ibm sametime 9.0.0.1
    ibm rational rhapsody design manager 4.0.2
    ibm websphere portal 6.1