CVE-2013-4091

Imperva SecureSphere 9.0.0.5 - Password Field Autocomplete Information Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4091.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in Imperva SecureSphere Operations Manager, including command execution (post-authentication), file upload flaws, and information disclosure issues. It provides technical descriptions, HTTP request examples, and proof of arbitrary file upload and OS command execution.

Description

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

Exploits (1)

exploitdb WRITEUP
webapps · jsp
https://www.exploit-db.com/exploits/25977

Classification: Writeup 95%
Attack Type: RCE | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Imperva SecureSphere Operations Manager 9.0.0.5 Enterprise Edition
Auth required
Prerequisites: Valid credentials for SecureSphere Operations Manager · Access to the Key Management or Action Sets functionality
devstral-2 · analyzed Feb 19, 2026

Scores

EPSS 0.0559
EPSS Percentile 91.9%

Details

CWE CWE-255
Status published
Products (1)
imperva/securesphere 9.0.0.5
Published Jun 28, 2013
Tracked Since Feb 18, 2026