CVE-2013-4093

Imperva Securesphere - Path Traversal

Title source: rule

Description

The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.

Exploits (1)

exploitdb WRITEUP
webappsjsp
https://www.exploit-db.com/exploits/25977

References (2)

Scores

EPSS 0.0504
EPSS Percentile 89.8%

Details

CWE
CWE-22
Status published
Products (1)
imperva/securesphere 9.0.0.5
Published Jun 28, 2013
Tracked Since Feb 18, 2026