Info

Disclosure

May 05, 2005

Discovery

Unknown

Dates

Exploit

May 05, 2005

Solution

Unknown

Description

Maximo contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the integrated Tomcat server fails to protect nonexecutable files, which will disclose file content information for the files left unprotected resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

MRO Software	Maximo	4
		5

References

Bugtraq ID: 13508
Secunia Advisory ID: 15176
CVE ID: 2005-1601 (see also: NVD)
ISS X-Force ID: 20452
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0042.html
Vendor URL: http://www.mro.com/corporate/assetmanagement/maximo/index.php

Credit

Felix - felix.shnirbms.com -

Direct URL: http://osvdb.org/16161

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

MRO Software

Maximo

References

Credit