actiTIME 2015.2 Multiple Vulnerabilities
Advisory ID: ZSL-2015-5273
Type: Local/Remote
Impact: Spoofing, Cross-Site Scripting, Privilege Escalation
Risk: (3/5)
Release Date: 31.10.2015
Summary
actiTIME is web-based timesheet software. It allows you to enter time spent on different work assignments, register time off and sick leave, and then create detailed reports covering almost any management or accounting need.
Description
The application suffers from multiple security vulnerabilities including: Open Redirection, HTTP Response Splitting and Unquoted Service Path Elevation Of Privilege. These correspond to the Spoofing, Cross-Site Scripting and Privilege Escalation impacts listed above: an open redirect lets an attacker bounce a victim from the trusted host to an arbitrary site, a CR/LF injected into a response header lets the attacker append headers or a body of their own, and an unquoted service path lets a local user plant a binary that the service loads with its own privileges.
Vendor
Actimind, Inc. - http://www.actitime.com
Affected Version
2015.2 (Small Team Edition)
Tested On
OS/Platform: Windows 7 6.1 for x86
Servlet Container: Jetty/5.1.4
Servlet API Version: 2.4
Java: 1.7.0_76-b13
Database: MySQL 5.1.72-community-log
Driver: MySQL-AB JDBC Driver mysql-connector-java-5.1.13
Patch level: 28.0
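The following is an added illustration for this advisory, not the advisory's own PoC (actitime_mv.txt) and not actiTIME code. It shows, in Python, what the three bug classes named in the Description look like from the defender's side: a validator for a user-controlled redirect target that blocks both open redirection and CR/LF response splitting, and a check that lists the binaries Windows would try before the real executable when a service ImagePath is unquoted. Every parameter name, service path and sample value below is constructed for the example; none is taken from actiTIME.

```python
"""Added illustration for ZSL-2015-5273 (not the advisory's PoC and not
actiTIME code). All paths and values below are constructed."""
import re
from urllib.parse import urlsplit

_CTRL = re.compile(r"[\r\n\x00]")          # raw CR / LF / NUL
_ENC_CTRL = re.compile(r"%0[0ad]", re.I)    # %0d %0a %00, decoded later by many frameworks
_EXE = re.compile(r"^(.*?\.exe)", re.I)     # executable part of a service ImagePath


def safe_redirect_target(value, default="/"):
    """Validate a user-supplied 'go here next' value before it is copied into
    a Location header. Returns the value if it is a same-site absolute path,
    otherwise `default`.

    Covers two of the advisory's bug classes:
    * HTTP response splitting: a CR/LF inside the value terminates the
      Location header, so the client sees attacker-appended headers or a
      body (the cross-site scripting impact).
    * Open redirection: an absolute or scheme-relative URL sends the browser
      to an attacker-chosen host (the spoofing impact).
    """
    if not value:
        return default
    if _CTRL.search(value) or _ENC_CTRL.search(value):
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:          # http://host, javascript:, //host
        return default
    # Browsers normalise "/\host" and "\\host" to "//host", so reject those too.
    if value.startswith(("//", "/\\", "\\")):
        return default
    if not value.startswith("/"):             # insist on an absolute local path
        return default
    return value


def hijack_candidates(image_path):
    """Paths Windows may try *before* the real binary when a service's
    ImagePath is unquoted and has a space in its directory part.

    For C:\\Program Files\\Vendor Tools\\svc.exe the service control manager
    tries C:\\Program.exe, then C:\\Program Files\\Vendor.exe, then the real
    file. A low-privileged user who can write to one of those locations runs
    code as the service account (the elevation of privilege the advisory
    names). An empty list means the path is quoted or has no space before
    the .exe; anything after the executable is treated as arguments.
    """
    s = image_path.strip()
    if s.startswith('"'):
        return []
    m = _EXE.match(s)
    binary = m.group(1) if m else s
    return [binary[:i] + ".exe" for i, ch in enumerate(binary) if ch == " "]


def unquoted_service_path(image_path):
    """True if the ImagePath is exploitable in the sense above."""
    return bool(hijack_candidates(image_path))


if __name__ == "__main__":
    # Constructed sample inputs; the names are not from actiTIME.
    for target in ["/tasks/list", "http://evil.example/", "//evil.example/",
                   "/x\r\nSet-Cookie: session=attacker", "/x%0d%0aX-Injected: 1"]:
        print(repr(target), "->", repr(safe_redirect_target(target)))
    for path in [r"C:\Program Files\Vendor Tools\svc.exe",
                 r'"C:\Program Files\Vendor Tools\svc.exe" -run',
                 r"C:\Windows\system32\svchost.exe -k netsvcs"]:
        print(path, "->", hijack_candidates(path))
```

The redirect check deliberately rejects the encoded forms as well as raw CR/LF because servlet containers and frameworks frequently decode the parameter before it reaches the header; whitelisting a local absolute path is simpler and safer than trying to enumerate every way a browser can be sent off-site. The service-path check reproduces the executable-resolution order that makes unquoted paths dangerous, so the output is the list of locations an administrator should confirm are not writable by unprivileged users (or, better, quote the ImagePath).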
Vendor Status
[13.10.2015] Vulnerabilities discovered.
[19.10.2015] Vendor contacted.
[30.10.2015] No response from the vendor.
[31.10.2015] Public security advisory released.
PoC
actitime_mv.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://www.exploit-db.com/exploits/38602/
[2] https://cxsecurity.com/issue/WLB-2015110005
[3] https://packetstormsecurity.com/files/134179
[4] http://www.securityfocus.com/bid/77403
[5] https://exchange.xforce.ibmcloud.com/vulnerabilities/107765
[6] https://exchange.xforce.ibmcloud.com/vulnerabilities/107766
[7] https://exchange.xforce.ibmcloud.com/vulnerabilities/107767
Changelog
[31.10.2015] - Initial release
[03.11.2015] - Added reference [1], [2] and [3]
[08.11.2015] - Added reference [4]
[14.11.2015] - Added reference [5], [6] and [7]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk