It is possible to retrieve the absolute path of the web server installation, which may help an attacker develop further attacks and learn about the file system structure of the web application. Here is one example, one of several found throughout the application:
- URL: https://[SERVER]/birt/frameset?_docId=15691238&_langId=1&_primaryGroupId=10002490&_secondaryGroupId=1008&__svg=false&__locale=en_US&__showtitle=false&_queryId=133972&__report=C:\IBM\Tririga350B\userfiles\birt\resources\15691238-1452325440860\Balance_Sheet_Future_Accounting.rptdesign
This is seen throughout the application.
The BIRT framework allowed the full file system path of the report to be passed in via the `__report` HTTP parameter, so the absolute server path was exposed in the request itself. The vulnerability in the BIRT report preview, in which some server data was revealed, has been mitigated.
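The two things a defender wants from this finding are a server-side check that refuses to take a file system path from the client at all, and a way to spot requests that carry one in the access log. The following is an added example, not BIRT's or IBM TRIRIGA's own code; it is written in Python rather than BIRT's Java for brevity. The report root directory `REPORT_ROOT`, the `safe_report_path` and `flag_absolute_report_requests` functions, and the sample log lines are all constructed for the example (only the `__report` parameter name and the `C:\IBM\Tririga350B\...` path shape come from the finding above).

```python
import re
from pathlib import PurePosixPath
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Hypothetical directory under which report designs are stored; the real
# deployment path is not part of the finding and is assumed here.
REPORT_ROOT = "/srv/birt/reports"

# Windows drive-letter prefix such as "C:\" or "D:/".
_ABS_WIN = re.compile(r"^[A-Za-z]:[\\/]")

def is_absolute_path(value: str) -> bool:
    """True if a (URL-decoded) parameter value looks like an absolute Windows,
    UNC, or POSIX path rather than a report name relative to the report root."""
    return bool(_ABS_WIN.match(value)) or value.startswith(("/", "\\"))

def safe_report_path(report_param: str, root: str = REPORT_ROOT) -> Optional[str]:
    """Mitigation: map a client-supplied __report value to a file under root.

    Returns None (the request should be rejected) for absolute paths, drive-
    relative paths, traversal components, or anything that is not a .rptdesign.
    The client never supplies a file system path; only a name below root."""
    if is_absolute_path(report_param):
        return None
    # Split on either separator so Windows-style traversal is caught on any platform.
    parts = [p for p in re.split(r"[\\/]+", report_param) if p]
    if not parts or any(p in ("..", ".") or ":" in p for p in parts):
        return None
    if not parts[-1].lower().endswith(".rptdesign"):
        return None
    return str(PurePosixPath(root).joinpath(*parts))

# Matches the request line inside a common/combined-format access log entry.
_LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def flag_absolute_report_requests(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Detection: return (line_number, value) for every log entry whose
    __report parameter carries an absolute path, i.e. the pattern in the finding."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = _LOG_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for value in parse_qs(query).get("__report", []):  # parse_qs URL-decodes
            if is_absolute_path(value):
                hits.append((n, value))
    return hits

# Constructed sample access-log lines (not real traffic): the first carries an
# absolute Windows path in __report, the second a relative report name, the
# third a traversal attempt with a relative-looking name.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jan/2016:12:00:01 +0000] "GET /birt/frameset?__report='
    'C%3A%5CIBM%5CTririga350B%5Cuserfiles%5Cbirt%5Cresources%5Cx%5CBalance_Sheet.rptdesign'
    '&__svg=false HTTP/1.1" 200 1532',
    '10.0.0.6 - - [10/Jan/2016:12:00:02 +0000] "GET /birt/frameset?__report='
    'reports%2FBalance_Sheet.rptdesign&__locale=en_US HTTP/1.1" 200 1532',
    '10.0.0.7 - - [10/Jan/2016:12:00:03 +0000] "GET /birt/frameset?__report='
    '..%2F..%2Fother.rptdesign HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for n, value in flag_absolute_report_requests(SAMPLE_LOG):
        print(f"line {n}: absolute path in __report: {value}")
    for candidate in (r"C:\IBM\x.rptdesign", "../../other.rptdesign",
                      "reports/Balance_Sheet.rptdesign"):
        print(f"{candidate!r} -> {safe_report_path(candidate)}")
```

The detection half only looks for the exact symptom in the finding (an absolute path in `__report`), while the mitigation half is stricter and also rejects traversal and non-report extensions; the server-side check is the fix, and the log scan is how to see whether clients are still sending paths after it is in place.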