CVE-2013-4094

Imperva SecureSphere - Authenticated Arbitrary File Upload via Key Management Feature

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4094.

AI-analyzed exploit summary: This is a detailed technical advisory describing multiple vulnerabilities in Imperva SecureSphere Operations Manager, including command execution, file upload, and information disclosure issues. It provides HTTP request examples and technical details but does not include functional exploit code.

Description

The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.

Exploits (1)

exploitdb WRITEUP
webapps · jsp
https://www.exploit-db.com/exploits/25977

Classification: Writeup 95%
Attack Type: RCE | Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: Imperva SecureSphere Operations Manager 9.0.0.5 Enterprise Edition
Auth required
Prerequisites: Authenticated access to the SecureSphere Operations Manager · Access to the Key Management or Action Sets functionality
devstral-2 · analyzed Feb 19, 2026

Scores

EPSS 0.0563
EPSS Percentile 91.9%

Details

CWE: CWE-20
Status: published
Products (1)
imperva/securesphere 9.0.0.5
Published Jun 28, 2013
Tracked Since Feb 18, 2026