IBM WebSphere Application Server 7.0.0.x <= 188.8.131.52 / 8.0.0.x <= 184.108.40.206 / 8.5.x < 220.127.116.11 / 9.0.0.x < 18.104.22.168 Admin Console Directory Traversal Vulnerability (CVE-2018-1770)
Medium Nessus Plugin ID 119679
Synopsis
The remote web application server is affected by a directory traversal vulnerability.
Description
The IBM WebSphere Application Server running on the remote host is version 22.214.171.124 through 126.96.36.199, 188.8.131.52 through 184.108.40.206, 8.5.x prior to 220.127.116.11, or 9.0.0.x prior to 18.104.22.168. It is, therefore, affected by a directory traversal vulnerability in the admin console.
An authenticated, remote attacker can exploit this by sending a URI that contains directory traversal characters, disclosing the contents of files located outside of the server's restricted path.
Solution
Upgrade to IBM WebSphere Application Server 22.214.171.124 or 126.96.36.199 or later. Alternatively, upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH01617.