Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2013-3018

Disclosure Date: May 24, 2018
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.

Add Assessment

2
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Very High
Technical Analysis

CVE here doesn’t show the real impact of this vulnerability and also the data is partial/misleading.

Axis2 version 1.6.2 let an attacker to read files on local filesystem. admin password is written in plaintext in a XML configuration file.
chaining this two easy vulnerabilities, an attacker is able to login as admin to Axis2 and to deploy a new webservice to achieve remote code execution.

things get worse beause we mostly find Axis2 internet-faced

to retrieve the config file an attacker can just exploit the LFI in a very basic way:
GET /axis2/services/Version?xsd=../conf/axis2.xml
then scrolling down to read username/password parameters

with given credentials, axis2_deployer (https://www.rapid7.com/db/modules/exploit/multi/http/axis2_deployer) from metasploit will let him to deploy a meterpreter session

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • ibm

Products

  • tivoli application dependency discovery manager,
  • tivoli application dependency discovery manager 7.1.2

Additional Info

Technical Analysis