lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <073FDE8F-5CDB-4A23-A1EC-570CC82A49CE@ddifrontline.com>
Date: Mon, 31 Oct 2011 09:53:41 -0500
From: ddivulnalert <ddivulnalert@...frontline.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DDIVRT-2011-33 IBM WebSphere Application Server
	'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359]

Title
-----
DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359]

Severity
--------
High

Date Discovered
---------------
July 28, 2011

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Javier Castro, sxkeebler and r@...$

Vulnerability Description
-------------------------
The default installation of the IBM WebSphere Application Server is 
deployed with a 'help' servlet which is designed to serve supporting 
documentation for the WebSphere system. When the 'help' servlet 
processes a URL that contains a reference to a Java plug-in Bundle 
that is registered with the Eclipse Platform Runtime Environment of 
the WebSphere Application Server, the 'help' servlet fails to ensure 
that the submitted URL refers to a file that is both located within the 
web root of the servlet and is of a type that is allowed to be served.

An unauthenticated remote attacker can use this weakness in the 
'help' servlet to retrieve arbitrary system files from the host that 
is running the 'help' servlet. This can be accomplished by submitting 
a URL which refers to a registered Java plug-in Bundle followed by a 
relative path to the desired file.

Solution Description
--------------------
IBM has released a patch for this issue. The patch is available through APAR PM45322.

http://www-01.ibm.com/support/docview.wss?uid=swg21509257

Tested Systems / Software (with versions)
------------------------------------------
WebSphere Application Server Version 8.0
WebSphere Application Server Version 7.0
WebSphere Application Server Version 6.1

Vendor Contact
--------------
Vendor Name: IBM
Vendor Website: http://www-01.ibm.com/software/webservers/appserv/was/library/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ