IBM WebSphere Application Server 7.0 < Fix Pack 19 Multiple Vulnerabilities

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote application server may be affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 7.0 before Fix Pack 19 appears to be
running on the remote host. As such, it is potentially affected by
the following vulnerabilities :

- An open redirect vulnerability exists related to the
'logoutExitPage' parameter. This can allow remote
attackers to trick users into requesting unintended
URLs. (PM35701)

- The administrative console can display a stack trace
under unspecified circumstances and can disclose
potentially sensitive information to local users.
(PM36620)

- The Installation Verification Tool servlet (IVT) does
not properly sanitize user-supplied input, which could
allow injection of arbitrary HTML and script code in
cross-site scripting attacks. (PM40733)

- A token verification error exists in the bundled
OpenSAML library. This error can allow an attacker to
bypass security controls with an XML signature wrapping
attack via SOAP messages. (PM43254)

- A directory traversal attack is possible via unspecified
parameters in the 'help' servlet. (PM45322)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21404665
http://www-01.ibm.com/support/docview.wss?uid=swg27009778
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27014463#70019
http://www-01.ibm.com/support/docview.wss?uid=swg1PM46122
http://www-01.ibm.com/support/docview.wss?uid=swg1PM46125

Solution :

If using WebSphere Application Server, apply Fix Pack 19 (7.0.0.19) or
later.

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 56229

Bugtraq ID: 48709
48710
48890
49362

CVE ID: CVE-2011-1355
CVE-2011-1356
CVE-2011-1359
CVE-2011-1362
CVE-2011-1411