Multiple Authentication Bypass Vulnerabilities within IBM WebSphere Application Server
OVERVIEW:
Two vulnerabilities in IBM WebSphere Application Server have recently been made public. IBM WebSphere Application Server is a software application server that uses web technologies and can be implemented on many common operating systems. Both vulnerabilities may allow malicious users to bypass authentication required to access a service running on the vulnerable server. Successful exploitation may allow attackers to gain unauthorized access to the service, which may lead to other attacks.
SYSTEMS AFFECTED:
The vulnerability identified by IBM in PK72138 (Bugtraq ID 35594):
* IBM WebSphere Application Server 7.0 1
* IBM WebSphere Application Server 6.1 23
* IBM WebSphere Application Server 6.1 22
* IBM WebSphere Application Server 6.1 21
* IBM WebSphere Application Server 6.1 20
* IBM WebSphere Application Server 6.1 19
* IBM WebSphere Application Server 6.1 18
* IBM WebSphere Application Server 6.1 17
* IBM WebSphere Application Server 6.1 15
* IBM WebSphere Application Server 6.1 13
* IBM WebSphere Application Server 6.1 12
* IBM WebSphere Application Server 6.1 10
* IBM WebSphere Application Server 6.1 .9
* IBM WebSphere Application Server 6.1 .7
* IBM WebSphere Application Server 6.1 .6
* IBM WebSphere Application Server 6.1 .5
* IBM WebSphere Application Server 6.1 .3
* IBM WebSphere Application Server 6.1 .2
* IBM WebSphere Application Server 6.1 .14
* IBM WebSphere Application Server 6.1 .1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 6.1
* IBM WebSphere Application Server 7.0
The vulnerability identified by IBM in PK75992 (Bugtraq ID 35610):
* IBM WebSphere Application Server 7.0 1
* IBM WebSphere Application Server 6.1 21
* IBM WebSphere Application Server 6.1 19
* IBM WebSphere Application Server 6.1 17
* IBM WebSphere Application Server 6.1 15
* IBM WebSphere Application Server 6.0.2 31
* IBM WebSphere Application Server 6.0.2 29
* IBM WebSphere Application Server 6.0.2 27
* IBM WebSphere Application Server 6.0.2 .25
* IBM WebSphere Application Server 7.0
RISK:
Government:
* Large and medium government entities: High
* Small government entities: High
Businesses:
* Large and medium business entities: High
* Small business entities: High
Home users: N/A
DESCRIPTION:
IBM has confirmed the existence of two vulnerabilities that may allow a remote attacker to bypass application server authentication. Exploiting these vulnerabilities could allow an attacker to access restricted services, which may then lead to other attacks. Both vulnerabilities are associated with WS-Security, which is the security implementation within the Java API for XML Web Services (JAX-WS).
The first vulnerability discovered within WS-Security, referenced and addressed by IBM in PK72138, can only be exploited when the security policy is implemented at the 'Operational Level'. When this policy is established, WS-Security does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action. An attacker can craft a malicious inbound request to exploit this vulnerability. Successful exploitation may allow attackers to bypass certain security restrictions, which may then lead to other attacks.
The second vulnerability, referenced and addressed by IBM in PK75992, arises in the way WS-Security validates the 'UsernameToken' object. It is possible for WS-Security to incorrectly validate these tokens, allowing a malicious user to bypass the authentication process. This may allow a malicious user to conduct further attacks.
RECOMMENDATIONS:
We recommend the following actions be taken:
* Apply appropriate patches provided by IBM to vulnerable systems immediately after appropriate testing.
* Deploy network intrusion detection systems to monitor network traffic for malicious activity.
REFERENCES:
IBM:
http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D600&uid=swg21367223&loc=en_US&cs=UTF-8&lang=en&rss=ct180WebSphere
Security Focus:
http://www.securityfocus.com/bid/35594
http://www.securityfocus.com/bid/35610
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0903
WebSphere Administration and much more
My Lables
3rd party
(2)
404
(1)
502
(2)
503
(1)
6.0
(2)
6.1
(3)
64 bit
(5)
AE
(1)
AIX
(4)
apache
(2)
Best Practices
(3)
CM
(1)
collector
(1)
commands
(9)
Definitions
(1)
Deployment Issues
(1)
Environment
(3)
faq
(8)
Fedora
(2)
FileNet
(2)
fixpacks
(2)
gunzip
(1)
IHS
(9)
InfoCenter
(3)
Installation
(4)
JAVA
(7)
JVM
(2)
Linux
(15)
Logs
(2)
MIGRATION
(3)
Migration Notes
(2)
Open Source
(1)
OS X Lion
(1)
Performance
(3)
Performance Monitoring
(2)
PERL
(1)
Plugin
(5)
PMR
(3)
Profiles
(1)
RAD 7.0
(4)
Security
(1)
SLES
(3)
Solaris
(6)
SSL
(3)
tar
(2)
TechNote
(8)
Test 252
(3)
tips
(4)
tools
(2)
Troubleshooting
(13)
uninstall
(1)
UNIX
(18)
unzip
(1)
VirtualBox
(4)
Virtualization
(2)
Vista
(1)
vmdk
(5)
VMWARE
(1)
WAS
(15)
WAS 7
(11)
WAS 7.0
(2)
WAS 8
(3)
WAS8.5
(2)
WebSphere
(13)
windows
(11)
WMQ
(2)
Workplace
(1)
WPS
(6)
X86
(1)
Follow Me!!
WebSphere Admin's Podcasts
Sun Developer Network Highlights
Bobby Woolf
/dev/websphere
WebSphere Community Blog
IBM developerWorks podcasts
IBM TV
Dileep Kumar's Weblog
Albert Leigh's Weblog
Mail Me
Readers,
If you guys like my blog, please leave a comment or if you differ with the posts or if you have any specific questions, please mail at admin.websphere@gmail.com
If you guys like my blog, please leave a comment or if you differ with the posts or if you have any specific questions, please mail at admin.websphere@gmail.com
whos.amung.us
LinkedIn Profile
STATS
ఓం
వక్రతుండ మహాకాయ! కోటిసూర్య సమప్రభా!!
నిర్విఘ్నం కురుమేదేవ! సర్వకార్యేషు సర్వదా!!
నిర్విఘ్నం కురుమేదేవ! సర్వకార్యేషు సర్వదా!!
No comments:
Post a Comment