Freely subscribe to our NEWSLETTER

SYNTHESIS OF THE VULNERABILITY

Several vulnerabilities of WebSphere AS can be used to attack the
service.

Gravity: 2/4

Consequences: privileged access/rights, data reading

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 7

Creation date: 13/02/2009

IMPACTED PRODUCTS

– IBM WebSphere Application Server

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in WebSphere Application
Server.

An attacker can use the runtimeErrFileName parameter of
ibm/console/jvmLogDetail.do, or the stdoutFilename and
stderrFilename parameters of /ibm/console/outputRedirectDetail.do
to access to a file. [grav:2/4; BID-33533, CVE-2009-0391, PK72036]

The Perfservlet code writes sensitive information in both
systemout.log and ffdc files (PMI/Performance Tools). [grav:2/4;
CVE-2008-5413, PK63886]

An attacker can use ibm_security_logout to redirect to victim to
any web site. [grav:1/4; BID-33700, CVE-2008-4284, PK71126]

A vulnerability impacts cbind checks under zSeries. [grav:2/4;
PK71143]

The Nonce and timestamp expiration values are not enforced as
specified. [grav:1/4; PK66676]

The AX-RPC WS-Sexcurity runtime does not correctly validate a
usernametoken. [grav:2/4; PK75992]

An attacker can read the WAS_HOME/logs/instconfigifwas6.log file
which contains sensitive information. [grav:2/4; CVE-2009-0437,
PK67405]

CHARACTERISTICS

Identifiers: BID-33533, BID-33700, CVE-2008-4284, CVE-2008-5413,
CVE-2009-0391, CVE-2009-0437, PK63886, PK66676, PK67405, PK71126,
PK71143, PK72036, PK75992, VIGILANCE-VUL-8472

http://vigilance.fr/vulnerability/WebSphere-AS-6-0-2-several-vulnerabilities-8472