| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Oct 2011 09:53:41 -0500 From: ddivulnalert <ddivulnalert@...frontline.com> To: <full-disclosure@...ts.grok.org.uk> Subject: DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359] Title ----- DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359] Severity -------- High Date Discovered --------------- July 28, 2011 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Javier Castro, sxkeebler and r@...$ Vulnerability Description ------------------------- The default installation of the IBM WebSphere Application Server is deployed with a 'help' servlet which is designed to serve supporting documentation for the WebSphere system. When the 'help' servlet processes a URL that contains a reference to a Java plug-in Bundle that is registered with the Eclipse Platform Runtime Environment of the WebSphere Application Server, the 'help' servlet fails to ensure that the submitted URL refers to a file that is both located within the web root of the servlet and is of a type that is allowed to be served. An unauthenticated remote attacker can use this weakness in the 'help' servlet to retrieve arbitrary system files from the host that is running the 'help' servlet. This can be accomplished by submitting a URL which refers to a registered Java plug-in Bundle followed by a relative path to the desired file. Solution Description -------------------- IBM has released a patch for this issue. The patch is available through APAR PM45322. http://www-01.ibm.com/support/docview.wss?uid=swg21509257 Tested Systems / Software (with versions) ------------------------------------------ WebSphere Application Server Version 8.0 WebSphere Application Server Version 7.0 WebSphere Application Server Version 6.1 Vendor Contact -------------- Vendor Name: IBM Vendor Website: http://www-01.ibm.com/software/webservers/appserv/was/library/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists