IBM WebSphere Application Server 7.0 < Fix Pack 1

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 7.0 before Fix Pack 1 appears to be
running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities.

- The PerfServlet code writes sensitive information in
the 'systemout.log' and ffdc files, provided
Performance Monitoring Infrastructure (PMI) is enabled.
(PK63886)

- A vulnerability in feature pack for web services could
lead to information disclosure due to 'userNameToken'.
(PK67282)

- A user locked by the underlying OS may be able to
authenticate via the administrative console. (PK67909)

- Web authentication options 'Authenticate when any URI is
accessed' and 'Use available authentication data when an
unprotected URI is accessed' are ignored. Servlets with
with no security constraints are not authenticated and
usernames with '@' symbol fail to authenticate.
(PK71826)

- WS-Security in JAX-WS does not remove UsernameTokens
from client cache on failed logins. (PK72435)

- WSPolicy discloses password in SOAP messages even though
IDAssertion.isUsed is set to true, and a simple user
name token policyset is used. (PK73573)

- SSL traffic is routed over unencrypted TCP routes.
(PK74777)

- By sending a specially crafted request, it may be
possible for an remote attacker to gain access to
certain JSP pages that require authorization.
(PK75248)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg24021073
http://www-01.ibm.com/support/docview.wss?uid=swg1PK67909
http://www-01.ibm.com/support/docview.wss?uid=swg1PK71826
http://www-01.ibm.com/support/docview.wss?uid=swg1PK72435
http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7001

Solution :

Apply Fix Pack 1 (7.0.0.1) or later.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false