Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:INFO-LEAK:PENTAHO-BAPDI-ID

Severity

 Minor

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Pentaho BA Suite PDI Information Disclosure

Release Date

 2019/03/19

Update Number

 3154

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Pentaho BA Suite PDI Information Disclosure


This signature detects attempts to exploit a known vulnerability against Pentaho BA(Business Analytics) & PDI (Pentaho Data Integration) suite. A successful attack can lead to Sensitive Information Disclosure.

Extended Description

The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict access to files in the pentaho-solutions/system folder, which allows remote attackers to obtain passwords and other sensitive information via a file name in the resource parameter.

Affected Products

  • Pentaho business_analytics 4.5
  • Pentaho business_analytics 4.8
  • Pentaho business_analytics 5.0
  • Pentaho business_analytics 5.1
  • Pentaho business_analytics 5.2
  • Pentaho data_integration 4.3
  • Pentaho data_integration 4.4
  • Pentaho data_integration 5.0
  • Pentaho data_integration 5.1
  • Pentaho data_integration 5.2

References

  • CVE: CVE-2015-6940

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out