IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on
the remote host. It is, therefore, affected by the following
vulnerabilities :

- A cross-site scripting flaw exists within the
Administration Console, where user input is improperly
validated. This could allow a remote attacker, with a
specially crafted request, to execute arbitrary script
code within the browser / server trust relationship.
(CVE-2013-6323, PI04777 and PI04880)

- A denial of service flaw exists within the Global
Security Kit when handling SSLv2 resumption during the
SSL/TLS handshake. This could allow a remote attacker
to crash the program. (CVE-2013-6329, PI05309)

- A buffer overflow flaw exists in the HTTP server with
the mod_dav module when using add-ons. This could allow
a remote attacker to cause a buffer overflow and a
denial of service. (CVE-2013-6438, PI09345)

- A cross-site scripting flaw exists within OAuth where
user input is not properly validated. This could allow
a remote attacker, with a specially crafted request, to
execute arbitrary script code within the browser /
server trust relationship. (CVE-2013-6738, PI05661)

- A denial of service flaw exists within the Global
Security Kit when handling an X.509 certificate chain
during the initiation of an SSL/TLS connection. A remote
attacker, using a malformed certificate chain, could
cause the client or server to crash by hanging the
Global Security Kit. (CVE-2013-6747, PI09443)

- A denial of service flaw exists within Apache
Commons FileUpload when parsing a Content-Type header
for a multipart request. A remote attacker, using a
specially crafted request, could crash the program.
(CVE-2014-0050, PI12648, PI12926 and PI13162)

- A flaw exists in the Elliptic Curve Digital Signature
Algorithm implementation which could allow a malicious
process to recover ECDSA nonces.
(CVE-2014-0076, PI19700)

- A denial of service flaw exists in the 'mod_log_config'
module when logging a cookie with an unassigned value. A remote
attacker, using a specially crafted request, can cause
the program to crash. (CVE-2014-0098, PI13028)

- An information disclosure flaw exists in
'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding.
This may allow a remote attacker to gain timing
information intended to be protected by encryption.
(CVE-2014-0453)

- A flaw exists with 'com.sun.jndi.dns.DnsClient' related
to the randomization of query IDs. This could allow a
remote attacker to conduct spoofing attacks.
(CVE-2014-0460)

- A flaw exists in the Full and Liberty profiles. A remote
attacker, using a specially crafted request, could gain
access to arbitrary files. (CVE-2014-0823, PI05324)

- An information disclosure flaw exists within the
Administrative Console. This could allow a network
attacker, using a specially crafted request, to gain
privileged access. (CVE-2014-0857, PI07808)

- A denial of service flaw exists in a web server plugin
on servers configured to retry failed POST requests. This
could allow a remote attacker to crash the application.
(CVE-2014-0859, PI08892)

- An information disclosure flaw exists within Proxy and
ODR servers. This could allow a remote attacker, using a
specially crafted request, to gain access to potentially
sensitive information. (CVE-2014-0891, PI09786)

- A denial of service flaw exists within the IBM Security
Access Manager for Web with the Reverse Proxy component.
This could allow a remote attacker, using specially
crafted TLS traffic, to cause the application on the
system to become unresponsive. (CVE-2014-0963, PI17025)

- An information disclosure flaw exists when handling SOAP
responses. This could allow a remote attacker to
potentially gain access to sensitive information.
(CVE-2014-0965, PI11434)

- An information disclosure flaw exists. A remote
attacker, using a specially crafted URL, could gain
access to potentially sensitive information.
(CVE-2014-3022, PI09594)

See also :

https://www-304.ibm.com/support/docview.wss?uid=swg21676092
https://www-304.ibm.com/support/docview.wss?uid=swg21659548
https://www-304.ibm.com/support/docview.wss?uid=swg21663941
https://www-304.ibm.com/support/docview.wss?uid=swg21667254
https://www-304.ibm.com/support/docview.wss?uid=swg21667526
https://www-304.ibm.com/support/docview.wss?uid=swg21672843
https://www-304.ibm.com/support/docview.wss?uid=swg21673013

Solution :

Apply Fix Pack 9 for version 8.0 (8.0.0.9) or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true