IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 7.0 before Fix Pack 15 appears to be
running on the remote host. As such, it is reportedly affected by the
following vulnerabilities :

- A double free error in BBOOORBR control block could
trigger a denial of service condition. (PM17170)

- A cross-site scripting vulnerability exists in the
web container. (PM18512)

- It is possible for authenticated users to trigger a DoS
condition by using Lightweight Third-Party
Authentication (LTPA) tokens for authentication.
(PM18644)

- Sensitive wsadmin command parameters are included in
trace files, which could result in an information
disclosure vulnerability. (PM18736)

- A memory leak in
'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' could
trigger a DoS condition. (PM19500)

- It is possible to trigger a DoS condition via SAAJ
API provided by the WebSphere Web services runtime.
(PM19534)

- The Service Integration Bus (SIB) messaging engine is
affected by a DoS issue. (PM19834)

- The installer creates a temporary log file directory
with open '777' permissions. (PM20021)

- A cross-site scripting vulnerability exists in the
IVT application.(PM20393)

- User credentials are not cleared from the cache, even
after an user has logged out. (PM21536)

- Trace requests are not handled correctly, which could
result in an unspecified issue. (PM22860)

- A memory leak in
'org.apache.jasper.runtime.JspWriterImpl.response' could
trigger a denial of service condition. (PM23029)

- Under certain conditions, SIP proxy may stop processing
UDP messages, resulting in a DoS condition. (PM23115)

- Memory leak in the messaging engine could trigger a
denial of service condition. (PM23626)

- Improper access is allowed to certain control servlets.
(PM24372)

- The AuthCache purge implementation is not able to
purge a user in AuthCache. (PM24668)

- Incorrect security role mapping could occur while
using J2EE 1.4 application. (PM25455)

- It is possible for Administrator role members to modify
primary administrative id via the administrative
console. (PK88606)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21404665
http://www-01.ibm.com/support/docview.wss?uid=swg27009778
http://www-01.ibm.com/support/docview.wss?uid=swg1PM17170
http://www-01.ibm.com/support/docview.wss?uid=swg1PM18644
http://www-1.ibm.com/support/docview.wss?uid=swg1PM19500
http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534
http://www-1.ibm.com/support/docview.wss?uid=swg1PM19834
http://www-1.ibm.com/support/docview.wss?uid=swg1PM24668
http://www-1.ibm.com/support/docview.wss?uid=swg1PM21536
http://www-01.ibm.com/support/docview.wss?uid=swg1PM23115
http://www-1.ibm.com/support/docview.wss?uid=swg1PK88606
http://www-01.ibm.com/support/docview.wss?uid=swg27014463#70015

Solution :

If using WebSphere Application Server, apply Fix Pack 15 (7.0.0.15) or
later.

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true