IBM WebSphere Application Server 6.1 < Fix Pack 47 Multiple Vulnerabilities

critical Nessus Plugin ID 70022

Synopsis

The remote application server may be affected by multiple vulnerabilities.

Description

IBM WebSphere Application Server 6.1 before Fix Pack 47 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities :

- A remote attacker can bypass authentication because of improper user validation on Linux, Solaris, and HP-UX platforms that use a LocalOS registry.
(CVE-2013-0543, PM75582)

- A denial of service can be caused by the way Apache Ant uses bzip2 to compress files. This can be exploited by a local attacker passing specially crafted input.
(CVE-2012-2098, PM90088)

- A local attacker can cause a denial of service on Windows platforms with a LocalOS registry using WebSphere Identity Manager. (CVE-2013-0541, PM74909)

- Remote attackers can traverse directories by deploying a specially crafted application file to overwrite files outside of the application deployment directory.
(CVE-2012-3305, PM62467)

- The TLS protocol implementation is susceptible to plaintext-recovery attacks via statistical analysis of timing data for crafted packets. (CVE-2013-0169, PM85211)

- Terminal escape sequences are not properly filtered from logs. Remote attackers could execute arbitrary commands via an HTTP request containing an escape sequence.
(CVE-2013-1862, PM87808)

- Improper validation of user input allows for cross-site request forgery. By persuading an authenticated user to visit a malicious website, a remote attacker could exploit this vulnerability to obtain sensitive information. (CVE-2012-4853, CVE-2013-3029, PM62920, PM88746)

- Improper validation of user input in the administrative console allows for multiple cross-site scripting attacks. (CVE-2013-0458, CVE-2013-0459, CVE-2013-0461, CVE-2013-0542, CVE-2013-0596, CVE-2013-2967, CVE-2013-4005, CVE-2013-4052, PM71139, PM72536, PM71389, PM73445, PM78614, PM81846, PM88208, PM91892)

- Improper validation of portlets in the administrative console allows for cross-site request forgery, which could allow an attacker to obtain sensitive information.
(CVE-2013-0460, PM72275)

- Remote, authenticated attackers can traverse directories on Linux and UNIX systems running the application.
(CVE-2013-0544, PM82468)

- A denial of service attack is possible if the optional mod_dav module is being used. (CVE-2013-1896, PM89996)

- Sensitive information can be obtained by a local attacker because of incorrect caching by the administrative console. (CVE-2013-2976, PM79992)

- An attacker may gain elevated privileges because of improper certificate checks. WS-Security and XML Digital Signatures must be enabled. (CVE-2013-4053, PM90949, PM91521)

- Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. WebSphere is NOT vulnerable to this issue but the vendor suggests upgrading to be proactive.
(CVE-2013-1768, PM86780, PM86786, PM86788, PM86791)

Solution

If using WebSphere Application Server, apply Fix Pack 47 (6.1.0.47) or later.

Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, apply the latest recommended eWAS fix pack.

See Also

http://www.nessus.org/u?187690fd

https://www-304.ibm.com/support/docview.wss?uid=swg21647522

http://www-01.ibm.com/support/docview.wss?uid=swg24035508

https://www-304.ibm.com/support/docview.wss?&uid=swg27004980#ver61

Plugin Details

Severity: Critical

ID: 70022

File Name: websphere_6_1_0_47.nasl

Version: 1.15

Type: remote

Family: Web Servers

Published: 9/20/2013

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-0462

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2013

Vulnerability Publication Date: 5/23/2012

Reference Information

CVE: CVE-2012-2098, CVE-2012-3305, CVE-2012-4853, CVE-2013-0169, CVE-2013-0458, CVE-2013-0459, CVE-2013-0460, CVE-2013-0461, CVE-2013-0462, CVE-2013-0541, CVE-2013-0542, CVE-2013-0543, CVE-2013-0544, CVE-2013-0596, CVE-2013-1768, CVE-2013-1862, CVE-2013-1896, CVE-2013-2967, CVE-2013-2976, CVE-2013-3029, CVE-2013-4005, CVE-2013-4052, CVE-2013-4053

BID: 53676, 55678, 56458, 57508, 57509, 57510, 57512, 57513, 57778, 59247, 59248, 59250, 59251, 59826, 60534, 61129, 61901, 61937, 61940, 61941, 62336, 62338

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990