IBM WebSphere Application Server Administration Directory Traversal Vulnerability Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attackers to read arbitrary files on the affected application and obtain sensitive information that may lead to further attacks. Impact Level: Application

Solution

Upgrade IBM WebSphere Application Server to 6.1.0.41 or 7.0.0.19 or 8.0.0.1 For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg24028875

Insight

The flaw is due to error in administration console which fails to handle certain requests. This allows remote attackers to read arbitrary files via a '../' (dot dot) in the URI.

Affected

IBM WebSphere Application Server versions 6.1 before 6.1.0.41, 7.0 before 7.0.0.19 and 8.0 before 8.0.0.1

References

http://osvdb.org/74817
http://secunia.com/advisories/45749
http://www-01.ibm.com/support/docview.wss?uid=swg21509257
http://xforce.iss.net/xforce/xfdb/69473

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1359
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
IBM WebSphere Application Multiple Vulnerabilities Jul-11
Ecava IntegraXor Directory Traversal Vulnerability
lighttpd Slow Request Handling Remote Denial Of Service Vulnerability
JBoss Enterprise Application Platform Multiple Vulnerabilities

Take action and discover your vulnerabilities