IBM WebSphere Application Server Administration Directory Traversal Vulnerability Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attackers to read arbitrary files on the affected application and obtain sensitive information that may lead to further attacks. Impact Level: Application

Solution

Upgrade IBM WebSphere Application Server to 6.1.0.41 or 7.0.0.19 or 8.0.0.1 For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg24028875

Insight

The flaw is due to error in administration console which fails to handle certain requests. This allows remote attackers to read arbitrary files via a '../' (dot dot) in the URI.

Affected

IBM WebSphere Application Server versions 6.1 before 6.1.0.41, 7.0 before 7.0.0.19 and 8.0 before 8.0.0.1

References

http://osvdb.org/74817
http://secunia.com/advisories/45749
http://www-01.ibm.com/support/docview.wss?uid=swg21509257
http://xforce.iss.net/xforce/xfdb/69473

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1359

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IBM WebSphere Application Server (WAS) Cross-site Scripting Vulnerability
Boa Webserver Terminal Escape Sequence in Logs Command Injection Vulnerability
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
IBM WebSphere Application Server Hash Collisions DOS Vulnerability
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

Take action and discover your vulnerabilities