PT-2013-4845 · Imperva · Imperva Securesphere

Published

2013-06-28

·

Updated

2013-07-01

·

CVE-2013-4092

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Imperva SecureSphere version 9.0.0.5

Description

The login flow places secrets in the request URL: the session ID is carried in the jsessionid field of requests to "secsphLogin.jsp", and the credentials are carried in the j_password parameter of requests to "j_acegi_security_check". Because these values travel in the URL rather than in a request body or a cookie, they are recorded wherever URLs are recorded. An attacker who can read the web-server access logs, the web-server Referer logs, or the browser history can therefore recover a valid session ID or the user's password.

Recommendations

For Imperva SecureSphere version 9.0.0.5, consider restricting access to the "secsphLogin.jsp" and "j_acegi_security_check" endpoints (for example, to the management network only) to reduce the number of parties that can observe or record these requests. As a temporary workaround, restrict access to the web-server access logs and Referer logs, and clear the browser history on hosts used to administer the appliance. Note that these workarounds only limit who can read values that have already been recorded; they do not stop the session ID and password from being written to those locations in the first place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
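The following is an added example, not code from Imperva or from this advisory, showing the check a practitioner would run before and after applying the workarounds: a scan of web-server access logs for login credentials or session IDs that have ended up in a request URL or in a Referer header. The parameter names j_username, j_password and jsessionid are taken from the description above (j_username is the companion Acegi Security field and is an assumption); the log lines, hosts, IP addresses, session ID and password are constructed for this example. Leaked values are redacted in the scanner's own output so the check does not create a second copy of the secret.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in Apache/nginx "combined" log format. Hosts, IPs,
# timestamps, session ID and password are invented for this example.
SAMPLE_LOG = """\
203.0.113.5 - - [28/Jun/2013:10:01:02 +0000] "GET /secsphLogin.jsp;jsessionid=4F1C9A6B2D HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.5 - - [28/Jun/2013:10:01:09 +0000] "GET /j_acegi_security_check?j_username=admin&j_password=Winter2013 HTTP/1.1" 302 0 "https://waf.example/secsphLogin.jsp;jsessionid=4F1C9A6B2D" "Mozilla/5.0"
198.51.100.7 - - [28/Jun/2013:10:02:30 +0000] "GET /images/logo.png HTTP/1.1" 200 4821 "https://waf.example/secsphLogin.jsp" "Mozilla/5.0"
203.0.113.5 - - [28/Jun/2013:10:03:00 +0000] "POST /j_acegi_security_check HTTP/1.1" 302 0 "https://waf.example/secsphLogin.jsp" "Mozilla/5.0"
"""

# Parameter names that must never appear in a URL. j_password is the Acegi
# Security form field named in the advisory; j_username is its companion
# field (assumed); jsessionid is the servlet session ID, which containers
# may rewrite into the path as /page;jsessionid=...
SENSITIVE_PARAMS = {"j_password", "j_username", "jsessionid"}

COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def redact(value):
    """Never copy the leaked secret into the scanner's own output."""
    return "[redacted:%d chars]" % len(value)


def secrets_in_url(url):
    """Return (name, redacted_value) for sensitive parameters found in a URL.

    Checks both the query string (?j_password=...) and servlet-style path
    parameters (/page;jsessionid=...), which urlsplit leaves inside .path.
    """
    parts = urlsplit(url)
    found = []
    for segment in parts.path.split(";")[1:]:
        name, _, value = segment.partition("=")
        if name.lower() in SENSITIVE_PARAMS:
            found.append((name, redact(value)))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            found.append((name, redact(value)))
    return found


def scan_log(text):
    """Scan combined-format log text; one finding per leaked parameter.

    Both the request line and the Referer header are inspected: a session
    ID in the Referer means the browser also sent it to whichever host the
    following request went to, not just to this server.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = COMBINED_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        for group in ("target", "referer"):
            url = m[group]
            if url == "-":
                continue
            for name, value in secrets_in_url(url):
                findings.append({
                    "line": lineno,
                    "where": "request" if group == "target" else "referer",
                    "method": m["method"],
                    "param": name,
                    "value": value,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print("line %(line)d %(where)s %(method)s %(param)s=%(value)s" % f)
```

On the constructed sample the scan reports four leaks: the session ID in the first GET to secsphLogin.jsp, the username and password in the GET to j_acegi_security_check, and the session ID again in that request's Referer. The final POST produces no finding, which is the shape a login request should have: credentials in the body, where neither the access log nor the Referer header records them.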

Related Identifiers

CVE-2013-4092

Affected Products

Imperva Securesphere