Summary
The host is running IBM WebSphere Application Server and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to read arbitrary files on the affected application and obtain sensitive information that may lead to further attacks.
Impact Level: Application
Solution
Upgrade IBM WebSphere Application Server to 6.1.0.41, 7.0.0.19 or 8.0.0.1 (whichever fix pack matches the installed release).
For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg24028875
Insight
The flaw is due to an error in the administration console, which fails to handle certain requests correctly. This allows remote attackers to read arbitrary files via a '../' (dot dot) sequence in the URI.
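The following is an added example and not part of the original advisory or any IBM code. It shows the two defender-side checks the Insight above implies: a server-side path check that maps a request onto a document root and refuses anything that would resolve outside it, and a detection routine that scans access-log lines for '../' sequences, including percent-encoded and double-encoded forms. The log lines, the web root and the request paths are constructed for the example (the '/console/' prefix is a placeholder and not the real console path).

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines in a common-log-like format
# (placeholders only; not taken from the advisory or any real system).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jul/2011:10:00:00 +0000] "GET /console/login.do HTTP/1.1" 200 1422
10.0.0.7 - - [01/Jul/2011:10:00:03 +0000] "GET /console/../../../config/app.properties HTTP/1.1" 200 913
10.0.0.7 - - [01/Jul/2011:10:00:05 +0000] "GET /console/%252e%252e/%252e%252e/WEB-INF/web.xml HTTP/1.1" 200 2210
10.0.0.9 - - [01/Jul/2011:10:00:08 +0000] "GET /console/images/logo.png?v=2 HTTP/1.1" 200 5310
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def decode_path(raw, max_rounds=3):
    """Percent-decode repeatedly (bounded) so that double-encoded
    sequences such as %252e%252e collapse to '..' before inspection."""
    cur = raw
    for _ in range(max_rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def is_traversal(raw_path):
    """Detection check: True if any path segment (after decoding, ignoring
    the query string, treating '\\' as a separator) is exactly '..'."""
    decoded = decode_path(raw_path.split("?", 1)[0])
    segments = re.split(r"[/\\]", decoded)
    return any(seg == ".." for seg in segments)


def safe_resolve(web_root, requested):
    """Server-side mitigation: resolve the request against web_root and
    return the canonical path, or None if it escapes the root or carries
    characters no legitimate request needs (backslash, NUL)."""
    decoded = decode_path(requested.split("?", 1)[0])
    if "\\" in decoded or "\x00" in decoded:
        return None
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def flag_traversal_requests(log_text):
    """Return (client, path, status) for every log line whose request
    path contains a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        if is_traversal(path):
            hits.append((client, path, int(status)))
    return hits


if __name__ == "__main__":
    for client, path, status in flag_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path} (status {status})")
    print(safe_resolve("/srv/app", "/images/logo.png"))
    print(safe_resolve("/srv/app", "/../../etc/hosts"))
```

The status code is kept in the output on purpose: a 200 on a flagged request is the line an incident responder wants first, because on an unpatched host it indicates the read succeeded rather than being rejected.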
Affected
IBM WebSphere Application Server versions 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1
References
CVE: CVE-2011-1359
Severity
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
- IBM WebSphere Application Server IVT Cross Site Scripting Vulnerability
- Acritum Femitter Server 1.03 Multiple Remote Vulnerabilities
- Lighttpd Trailing Slash Information Disclosure Vulnerability
- httpdASM Directory Traversal Vulnerability