IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running
on the remote host. It is, therefore, affected by the following
vulnerabilities :

- A cross-site scripting flaw exists within the
Administration Console, where user input is improperly
validated. This could allow a remote attacker, with a
specially crafted request, to execute arbitrary script
code within the browser / server trust relationship.
(CVE-2013-6323, PI04777 and PI04880)

- A denial of service flaw exists within the Global
Security Kit when handling SSLv2 resumption during the
SSL/TLS handshake. This could allow a remote attacker
to crash the program. (CVE-2013-6329, PI05309)

- A buffer overflow flaw exists in the HTTP server with
the mod_dav module when using add-ons. This could allow
a remote attacker to cause a buffer overflow and a
denial of service. (CVE-2013-6438, PI09345)

- A cross-site scripting flaw exists within OAuth where
user input is not properly validated. This could allow
a remote attacker, with a specially crafted request, to
execute arbitrary script code within the browser /
server trust relationship. (CVE-2013-6738, PI05661)

- A denial of service flaw exists within the Global
Security Kit when handling X.509 certificate chain
during the initiation of an SSL/TLS connection. A remote
attacker, using a malformed certificate chain, could
cause the client or server to crash by hanging the
Global Security Kit. (CVE-2013-6747, PI09443)

- A denial of service flaw exists within the Apache
Commons FileUpload when parsing a content-type header
for a multipart request. A remote attacker, using a
specially crafted request, could crash the program.
(CVE-2014-0050, PI12648, PI12926 and PI13162)

- A denial of service flaw exists in the 'mod_log_config'
when logging a cookie with an unassigned value. A remote
attacker, using a specially crafted request, can cause
the program to crash. (CVE-2014-0098, PI13028)

- A remote code execution flaw exists with Apache Struts.
The failure to restrict setting of Class loader
attributes could allow a remote attacker to
execute arbitrary script code. (CVE-2014-0114, PI17190)

- An information disclosure flaw exists in the
'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding.
This many allow a remote attacker to gain timing
information intended to be protected by encryption.
(CVE-2014-0453)

- A flaw exists within 'com.sun.jndi.dns.DnsClient'
related to the randomization of query IDs. This could
allow a remote attacker to conduct spoofing attacks.
(CVE-2014-0460)

- A denial of service flaw exists in a web server plugin
on servers configured to retry failed POST request. This
could allow a remote attacker to crash the application.
(CVE-2014-0859, PI08892)

- A flaw exists with the 'IBMJCE' and 'IBMSecureRandom'
cryptographic providers by generating numbers in a
predictable manner. This could allow a remote attacker
to easily guess the output of the random number
generator. (CVE-2014-0878)

- An information disclosure flaw exists within Proxy and
ODR servers. This could allow a remote attacker, using a
specially crafted request, to gain access to potentially
sensitive information. (CVE-2014-0891, PI09786)

- A denial of service flaw exists within the IBM Security
Access Manager for Web with the Reverse Proxy component.
This could allow a remote attacker, using specially
crafted TLS traffic, to cause the application on the
system to become unresponsive. (CVE-2014-0963, PI17025)

- An information disclosure flaw exists when handling SOAP
responses. This could allow a remote attacker to
potentially gain access to sensitive information.
(CVE-2014-0965, PI11434)

- An information disclosure flaw exists. A remote
attacker, using a specially crafted URL, could gain
access to potentially sensitive information.
(CVE-2014-3022, PI09594)

See also :

https://www-304.ibm.com/support/docview.wss?uid=swg21676091
https://www-304.ibm.com/support/docview.wss?uid=swg21659548
https://www-304.ibm.com/support/docview.wss?uid=swg21663941
https://www-304.ibm.com/support/docview.wss?uid=swg21667254
https://www-304.ibm.com/support/docview.wss?uid=swg21667526
https://www-304.ibm.com/support/docview.wss?uid=swg21672843
https://www-304.ibm.com/support/docview.wss?uid=swg21672316
https://www-304.ibm.com/support/docview.wss?uid=swg21673013

Solution :

If using WebSphere Application Server, apply Fix Pack 33 (7.0.0.33) or
later.

Otherwise, if using embedded WebSphere Application Server packaged
with Tivoli Directory Server, apply the latest recommended eWAS fix
pack.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true