IBM WebSphere Application Server 7.0.0.x <= 22.214.171.124 / 8.0.0.x <= 126.96.36.199 / 8.5.x < 188.8.131.52 / 9.0.0.x < 184.108.40.206 Admin Console Directory Traversal Vulnerability (CVE-2018-1770)
Medium Nessus Plugin ID 119679
Synopsis
The remote web application server is affected by a directory traversal vulnerability.
Description
The IBM WebSphere Application Server running on the remote host is version 220.127.116.11 through 18.104.22.168, 22.214.171.124 through 126.96.36.199, 8.5.x prior to 188.8.131.52, or 9.0.0.x prior to 184.108.40.206. It is, therefore, affected by a directory traversal vulnerability in the admin console.
An authenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located outside of the server's restricted path.
Solution
Upgrade to IBM WebSphere Application Server 220.127.116.11 or 18.104.22.168 or later. Alternatively, upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH01617.