Vigil@nce: WebSphere AS 6.0.2, several vulnerabilities
February 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities of WebSphere AS can be used to attack the
service.
Gravity: 2/4
Consequences: privileged access/rights, data reading
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 7
Creation date: 13/02/2009
IMPACTED PRODUCTS
– IBM WebSphere Application Server
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in WebSphere Application
Server.
An attacker can use the runtimeErrFileName parameter of
ibm/console/jvmLogDetail.do, or the stdoutFilename and
stderrFilename parameters of /ibm/console/outputRedirectDetail.do,
to access a file. [grav:2/4; BID-33533, CVE-2009-0391, PK72036]
The Perfservlet code writes sensitive information in both
systemout.log and ffdc files (PMI/Performance Tools). [grav:2/4;
CVE-2008-5413, PK63886]
An attacker can use ibm_security_logout to redirect the victim to
any web site. [grav:1/4; BID-33700, CVE-2008-4284, PK71126]
A vulnerability impacts cbind checks under zSeries. [grav:2/4;
PK71143]
The Nonce and timestamp expiration values are not enforced as
specified. [grav:1/4; PK66676]
The JAX-RPC WS-Security runtime does not correctly validate a
usernametoken. [grav:2/4; PK75992]
An attacker can read the WAS_HOME/logs/instconfigifwas6.log file
which contains sensitive information. [grav:2/4; CVE-2009-0437,
PK67405]
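The first item above names two admin-console pages whose file-name parameters let a request choose which file is read. As an added example (not part of the Vigil@nce bulletin and not IBM code), the script below scans constructed access-log lines for requests to those pages whose parameter values do not look like a server log file; the log format, the assumed log root and the flagging heuristic are assumptions.

```python
# Added example, not from the bulletin or from IBM: flag console requests
# whose file-name parameters (named in the bulletin) look unexpected.
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Console pages and the parameters the bulletin associates with each.
WATCHED = {
    "/ibm/console/jvmlogdetail.do": ("runtimeErrFileName",),
    "/ibm/console/outputredirectdetail.do": ("stdoutFilename", "stderrFilename"),
}
# Assumption: legitimate absolute values point under this log directory.
WAS_LOG_ROOT = "/opt/IBM/WebSphere/AppServer/logs/"

# Combined log format: client, ident, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def looks_unexpected(value: str) -> bool:
    """Heuristic (assumption): NUL bytes, '..' path components, or an
    absolute path outside WAS_LOG_ROOT are not normal log-file names."""
    v = unquote(value)  # catches a second layer of percent-encoding
    if "\x00" in v or ".." in v.replace("\\", "/").split("/"):
        return True
    return v.startswith("/") and not v.startswith(WAS_LOG_ROOT)

def flag_requests(lines):
    """Return (client, page, param, value) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, _method, target, _status = m.groups()
        parts = urlsplit(target)
        params = WATCHED.get(parts.path.lower())
        if not params:
            continue  # not one of the watched console pages
        qs = parse_qs(parts.query, keep_blank_values=True)
        for name in params:
            for value in qs.get(name, []):
                if looks_unexpected(value):
                    hits.append((client, parts.path, name, unquote(value)))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Feb/2009:10:00:01 +0100] "GET /ibm/console/jvmLogDetail.do?runtimeErrFileName=SystemErr.log HTTP/1.1" 200 5120',
    '10.0.0.9 - - [13/Feb/2009:10:00:02 +0100] "GET /ibm/console/jvmLogDetail.do?runtimeErrFileName=..%2F..%2Fother.conf HTTP/1.1" 200 812',
    '10.0.0.9 - - [13/Feb/2009:10:00:03 +0100] "GET /ibm/console/outputRedirectDetail.do?stdoutFilename=%2Ftmp%2Fx.txt&stderrFilename=SystemErr.log HTTP/1.1" 200 700',
    '10.0.0.5 - - [13/Feb/2009:10:00:04 +0100] "GET /ibm/console/login.do HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```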
CHARACTERISTICS
Identifiers: BID-33533, BID-33700, CVE-2008-4284, CVE-2008-5413,
CVE-2009-0391, CVE-2009-0437, PK63886, PK66676, PK67405, PK71126,
PK71143, PK72036, PK75992, VIGILANCE-VUL-8472
http://vigilance.fr/vulnerability/WebSphere-AS-6-0-2-several-vulnerabilities-8472