CVE-2009-4357 Information

Description

CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login which might allow attackers to discover the passwords for user accounts via unspecified vectors.

Reference

http://secunia.com/advisories/37811 http://securitytracker.com/id?1023370 http://www.securityfocus.com/bid/37385 http://www.vupen.com/english/advisories/2009/3580 http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377