IBM WebSphere Application Server 7.0 < Fix Pack 21 Multiple Vulnerabilities

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote application server may be affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 7.0 before Fix Pack 21 appears to be
running on the remote host. As such, it is potentially affected by
the following vulnerabilities :

- An unspecified cross-site scripting issue exists
related to the 'Web 2.0 Messaging service'. (PM37840)

- A security exposure when using WS-Security could result
in a user gaining elevated privileges in applications
using JAX-WS. (PM43585 / CVE-2011-1377)

- Insecure file permissions are applied to the files in
the '$WAS_HOME/systemapps/isclite.ear' and
'$WAS_HOME/bin/client_ffdc' directories. These
permissions can allow a local attacker to read or write
files in those directories. Note this issue only affects
the application on the IBM i operating system. (PM49712)

- An error exists in the class
'javax.naming.directory.AttributeInUseException' and can
allow old passwords to still provide access. This error
is triggered when passwords are updated by using IBM
Tivoli Directory Server. (PM52049)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21404665
http://www-01.ibm.com/support/docview.wss?uid=swg27009778
http://www-01.ibm.com/support/docview.wss?uid=swg21587536
http://www-01.ibm.com/support/docview.wss?uid=swg21569205
http://www-01.ibm.com/support/docview.wss?uid=swg24031366
http://www.nessus.org/u?609dea34
http://www-01.ibm.com/support/docview.wss?uid=swg27014463#70021

Solution :

If using WebSphere Application Server, apply Fix Pack 21 (7.0.0.21) or
later.

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 58595 ()

Bugtraq ID: 50310
51420
52723

CVE ID: CVE-2011-1376
CVE-2011-1377
CVE-2011-4889