Rational Requisite Web shows location of projects in html

[Mads Rasmussen <mads () cit com br>]

Anyone knows the Requisite Web product from Rational?

It's like Requisite Pro viewing online (something like that)

It appears that it saves the physical location of the project files (.rqs) in 
HTML option values, like this:

<OPTION VALUE="E:\projects\name\teste\Requirements\ReqPro\Reqpro.rqs">Project 
teste
</OPTION>

I was doing a pentest of a IIS4/NT4 machine with ReqWeb installed and found 
this. I guess if you could succesfully apply a remote exploit you could read 
or download all project files. All of which are confidential.

They have enabled access via internet but with apache on a linux machine in 
front. 

The fact that they have apache in front breaks the unicode bugs for IIS, but 
I am not convinced that there may exist another way to attack the machine.
I have tried to gain access using some exploits for unicode and RDS but have 
failed, which is pleasing but I am not really convinced.

I have explained them that installing patches is the best solution, but they 
rather not touch the system and feel secure when apache is running in front. 

I would like to show them that they are still vulnerable, that apache in 
front is false security.

Anyone have an idea how to help?

Regards,

Mads Rasmussen
Ci&T Systems Ltda. (www.cit.com.br)

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/