IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.

IBM WebSphere Application Server 8.5 before Fix Pack 2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities :

  - The included Java SDK contains several errors that     affect the application directly. (CVE-2013-0169,     CVE-2013-0440, CVE-2013-0443)

  - Input validation errors exist related to the     administration console that could allow cross-site     scripting attacks. (CVE-2013-0458 / PM71139,     CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846,     CVE-2013-0565 / PM83402)

  - An input validation error exists related to the     administration console that could allow cross-site     scripting attacks. Note that this issue affects only     the application when running on z/OS operating systems.
    (CVE-2013-0459 / PM72536)

  - An unspecified error could allow security bypass for     authenticated users. (CVE-2013-0462 / PM76886 or     PM79937)

  - An error exists related to 'WS-Security' and SOAP     message handling that could allow an attacker to spoof     message signatures. (CVE-2013-0482 / PM76582)

  - An error exists related to authentication cookies that     could allow remote attackers to gain access to     restricted resources. Note this only affects the     application when running the 'Liberty Profile'.
    (CVE-2013-0540 / PM81056)

  - A buffer overflow error exists related to 'WebSphere     Identity Manger (WIM)' that could allow denial of     service attacks. (CVE-2013-0541 / PM74909)

  - An unspecified error could allow security bypass, thus     allowing remote attackers access to restricted resources     on HP, Linux and Solaris hosts.
    (CVE-2013-0543 / PM75582)

  - An unspecified error related to the administration     console could allow directory traversal attacks on     Unix and Linux hosts. (CVE-2013-0544 / PM82468)

Detections

Analytics

CVE-2013-0540

medium

Tenable Plugins

critical