IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities
Critical Nessus Plugin ID 70022
SynopsisThe remote application server may be affected by multiple vulnerabilities.
DescriptionIBM WebSphere Application Server 6.1 before Fix Pack 47 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities :
- A remote attacker can bypass authentication because of improper user validation on Linux, Solaris, and HP-UX platforms that use a LocalOS registry.
- A denial of service can be caused by the way Apache Ant uses bzip2 to compress files. This can be exploited by a local attacker passing specially crafted input.
- A local attacker can cause a denial of service on Windows platforms with a LocalOS registry using WebSphere Identity Manager. (CVE-2013-0541, PM74909)
- Remote attackers can traverse directories by deploying a specially crafted application file to overwrite files outside of the application deployment directory.
- The TLS protocol implementation is susceptible to plaintext-recovery attacks via statistical analysis of timing data for crafted packets. (CVE-2013-0169, PM85211)
- Terminal escape sequences are not properly filtered from logs. Remote attackers could execute arbitrary commands via an HTTP request containing an escape sequence.
- Improper validation of user input allows for cross-site request forgery. By persuading an authenticated user to visit a malicious website, a remote attacker could exploit this vulnerability to obtain sensitive information. (CVE-2012-4853, CVE-2013-3029, PM62920, PM88746)
- Improper validation of user input in the administrative console allows for multiple cross-site scripting attacks. (CVE-2013-0458, CVE-2013-0459, CVE-2013-0461, CVE-2013-0542, CVE-2013-0596, CVE-2013-2967, CVE-2013-4005, CVE-2013-4052, PM71139, PM72536, PM71389, PM73445, PM78614, PM81846, PM88208, PM91892)
- Improper validation of portlets in the administrative console allows for cross-site request forgery, which could allow an attacker to obtain sensitive information.
- Remote, authenticated attackers can traverse directories on Linux and UNIX systems running the application.
- A denial of service attack is possible if the optional mod_dav module is being used. (CVE-2013-1896, PM89996)
- Sensitive information can be obtained by a local attacker because of incorrect caching by the administrative console. (CVE-2013-2976, PM79992)
- An attacker may gain elevated privileges because of improper certificate checks. WS-Security and XML Digital Signatures must be enabled. (CVE-2013-4053, PM90949, PM91521)
- Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. WebSphere is NOT vulnerable to this issue but the vendor suggests upgrading to be proactive.
(CVE-2013-1768, PM86780, PM86786, PM86788, PM86791)
SolutionIf using WebSphere Application Server, apply Fix Pack 47 (18.104.22.168) or later.
Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, apply the latest recommended eWAS fix pack.