IBM WebSphere Application Server 8.0.0.10 < 8.0.0.14 / 8.5.5.3 < 8.5.5.12 / 9.0.0.0 < 9.0.0.4 OIDC Privilege Escalation

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote web application server is affected by a privilege
escalation vulnerability.

Description :

The IBM WebSphere Application Server running on the remote host is
version 8.0.0.10 prior to 8.0.0.14, 8.5.5.3 prior to 8.5.5.12, or
9.0.0.0 prior to 9.0.0.4. It is, therefore, affected by a privilege
escalation vulnerability in the OpenID Connect (OIDC) Trust
Association Interceptor (TAI) that is triggered when the
com.ibm.websphere.security.InvokeTAIbeforeSSO custom property includes
the OIDC TAI class name com.ibm.ws.security.oidc.client.RelyingParty.
An unauthenticated, remote attacker can exploit this to gain elevated
privileges.
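As an added example (not part of the Tenable plugin or of IBM's code), the check below encodes the affected fix-pack ranges and the triggering configuration described above: a host is flagged only when its version falls inside one of the ranges and the InvokeTAIbeforeSSO custom property lists the OIDC TAI class. It assumes the property value is a comma-separated list of TAI class names and that Interim Fix PI74857 is not applied (the version alone cannot show that).

```python
"""Assess a WebSphere host against the OIDC TAI privilege escalation advisory."""

# Affected ranges from the advisory, as [first affected, first fixed).
AFFECTED_RANGES = [
    ((8, 0, 0, 10), (8, 0, 0, 14)),
    ((8, 5, 5, 3), (8, 5, 5, 12)),
    ((9, 0, 0, 0), (9, 0, 0, 4)),
]

# TAI class whose presence in InvokeTAIbeforeSSO triggers the issue.
OIDC_TAI_CLASS = "com.ibm.ws.security.oidc.client.RelyingParty"


def parse_version(text):
    """Turn '8.5.5.11' into a comparable tuple, padding short strings to 4 parts."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError("unexpected version format: %r" % text)
    return tuple(parts + [0] * (4 - len(parts)))


def version_in_affected_range(version):
    """True when the version lies inside any affected [lo, hi) range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def tai_invoked_before_sso(invoke_tai_before_sso):
    """True when the OIDC TAI class name is among the listed TAI classes.

    Assumption: the property holds a comma-separated list of class names.
    """
    if not invoke_tai_before_sso:
        return False
    names = [n.strip() for n in invoke_tai_before_sso.split(",")]
    return OIDC_TAI_CLASS in names


def assess(version, invoke_tai_before_sso):
    """Return 'vulnerable', 'vulnerable-version-only' or 'not-affected'.

    'vulnerable-version-only' means the fix pack is missing but the triggering
    property is not set; the interim fix PI74857 is not detectable here.
    """
    if not version_in_affected_range(version):
        return "not-affected"
    if tai_invoked_before_sso(invoke_tai_before_sso):
        return "vulnerable"
    return "vulnerable-version-only"
```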

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21999293

Solution :

Apply IBM WebSphere Application Server version 8.0 Fix Pack 14
(8.0.0.14) / 8.5 Fix Pack 12 (8.5.5.12) / 9.0 Fix Pack 4 (9.0.0.4)
or later. Alternatively, upgrade to the minimal fix pack levels
required by the interim fix and then apply Interim Fix PI74857. As a
workaround, disable InvokeTAIbeforeSSO for the OIDC TAI class per the
vendor advisory.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 97858

Bugtraq ID: 96841

CVE ID: CVE-2017-1151
