CVE-2013-4093

Imperva SecureSphere 9.0.0.5 - Information Disclosure via Direct Request

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4093.

AI-analyzed exploit summary: This is a detailed technical advisory describing multiple vulnerabilities in Imperva SecureSphere Operations Manager, including command execution, file upload, and information disclosure issues. It provides specific HTTP request examples and technical details but does not include functional exploit code.

Description

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.

Exploits (1)

exploitdb WRITEUP
webapps · jsp
https://www.exploit-db.com/exploits/25977

Classification: Writeup 100%
Attack Type: Info Leak | RCE
Complexity: Moderate
Reliability: Theoretical
Target: Imperva SecureSphere Operations Manager 9.0.0.5 Enterprise Edition
Auth required
Prerequisites: Authenticated access to the SecureSphere Operations Manager · Access to the Key Management or Action Sets functionality
devstral-2 · analyzed Feb 19, 2026

Scores

EPSS: 0.0688
EPSS Percentile: 93.2%

Details

CWE: CWE-22
Status: published
Products (1): imperva/securesphere 9.0.0.5
Published: Jun 28, 2013
Tracked Since: Feb 18, 2026