Vigil@nce - WebSphere AS 8.5: thirteen vulnerabilities
November 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of WebSphere
Application Server.
Impacted products: WebSphere AS
Severity: 2/4
Creation date: 29/10/2012
DESCRIPTION OF THE VULNERABILITY
Thirteen vulnerabilities were announced in WebSphere Application
Server.
The session identifier is not properly updated, so an attacker can
gain privileges of the victim. [severity:2/4; BID-55678,
CVE-2012-3304, PM54356]
An attacker can use a Cross Frame Scripting on the administrative
console. [severity:2/4; BID-54819, BID-55149, CVE-2012-3293,
PM60839]
When a Federated Repository is used, WOLA (Optimized Local
Adapters) connections are allowed to EJB applications.
[severity:2/4; BID-55671, CVE-2012-3311, PM61388]
When a malicious application is deployed, script/executable files
located outside the directory are overwritten. [severity:2/4;
BID-55678, CVE-2012-3305, PM62467]
An attacker can generate a Cross Site Request Forgery of
WASReqURL. [severity:2/4; BID-56458, CVE-2012-4853, PM62920]
An attacker can send malicious SSL packets, in order to create a
denial of service (VIGILANCE-VUL-12037 (https://vigilance.fr/tree/1/12037)
and VIGILANCE-VUL-12038 (https://vigilance.fr/tree/1/12038)).
[severity:2/4; BID-55185, CVE-2012-2190, CVE-2012-2191, PM66218]
When there are several security domains, the authentication cache
is not properly purged. [severity:2/4; BID-55678, CVE-2012-3306,
PM66514]
When PM44303 is installed on IBM WebSphere Application Server, a
local attacker can access to administration features
(VIGILANCE-VUL-11907 (https://vigilance.fr/tree/1/11907)).
[severity:2/4; BID-55309, CERTA-2012-AVI-475, CVE-2012-3325,
PM71296]
An attacker can stop the proxy. [severity:2/4; BID-56459,
CVE-2012-3330, PM71319]
An attacker, who can control HTTPS connections of victim’s web
browser, can use several SSL sessions compressed with Deflate in
order to compute HTTP headers, such as cookies
(VIGILANCE-VUL-11952 (https://vigilance.fr/tree/1/11952)).
[severity:1/4; BID-55707, CVE-2012-4929, CVE-2012-4930, PM72915]
An attacker can use iehs.war to generate a Cross Site Scripting in
WebSphere Application Server, in order to execute JavaScript code
in the context of the victim’s web browser (VIGILANCE-VUL-11718
(https://vigilance.fr/tree/1/11718)). [severity:2/4; BID-54051,
CVE-2012-2159, PM62795]
An attacker can use the Liberty profile, in order to create a
Cross Site Scripting. [severity:2/4; PM68643]
The Liberty Profile of JAX-RS can be used by a remote attacker, un
order to gain elevated privileges. [severity:2/4; BID-56423,
BID-56460, CVE-2012-4850, CVE-2012-4859-ERROR, PM67082]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WebSphere-AS-8-5-thirteen-vulnerabilities-12099