exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

IBM-WebSphere-Edge-Server-DOS.txt

IBM-WebSphere-Edge-Server-DOS.txt
Posted Jul 2, 2004
Authored by Leandro Meiners | Site cybsec.com

CYBSEC Security Advisory - A vulnerability has been discovered that allows a remote attacker to generate a denial of service condition against the IBM WebSphere Edge Component Caching Proxy. If the reverse proxy is configured with the JunctionRewrite directive being active, a remote attacker can trivially cause a denial of service by executing the GET HTTP method without parameters. Affected systems: WebSphere Edge Components Caching Proxy 5.02 using JunctionRewrite with UseCookiedirective.

tags | advisory, remote, web, denial of service
SHA-256 | a94bce55cdff38e98dc5afca9cd308f0f3e7bef5a5d9d2931d475ac1018b3c85

IBM-WebSphere-Edge-Server-DOS.txt

Change Mirror Download

--=-sYKUIvIZvaIrXDoz8qSa
Content-Type: text/plain; charset=iso-8859-13
Content-Transfer-Encoding: quoted-printable

The following advisory is also available in pdf for download at
http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf

CYBSEC S.A.
www.cybsec.com

Advisory Name: Denial of Service in WebSphere Edge Server.
Vulnerability Class: Denial of Service
Release Date: June 2nd 2004
Affected Applications: =20

* WebSphere Edge Components Caching Proxy 5.02 using
JunctionRewrite with UseCookiedirective.=20

Not Affected Applications:

* WebSphere Edge Components Caching Proxy 5.02 NOT using
JunctionRewrite with UseCookie directive. =20
* WebSphere Edge Components Caching Proxy 5.00

Affected Platforms:=20

* SUSE SLES 8=20
* SUSE SLES 8 Service Pack 1
* SUSE SLES 8 Service Pack 3
* SUSE SLES 8 Service Pack 3
* Apparently all platforms running WebSphere Edge Server

Local / Remote: Remote
Severity: High
Author: Leandro Meiners.
Vendor Status: =20

* Fix included in WebSphere Application Server 5.0.3 (to be
released)
* Patch available from IBM for clients with Support Level 2 or 3

Reference to Vulnerability Disclosure Policy:=20
http://www.cybsec.com/vulnerability_policy.pdf

Overview:

WebSphere Edge Component Caching Proxy, part of WebSphere Application
Sever, is a reverse proxy designed to reduce bandwidth use and improve a
Web site's speed and reliability by providing a point-of-presence node
for one or more back-end content servers. It is built to work with
content provided by one or more backend WebSphere Application Servers.

Vulnerability Description:

The vulnerability discovered allows a remote attacker to generate a
denial of service condition against the WebSphere Edge Component Caching
Proxy.=20

If the reverse proxy is configured with the JunctionRewrite directive
being active, a remote attacker can trivially cause a denial of service
by executing the GET HTTP method without parameters.

Exploit:

$ echo =B4GET=A1 | nc <victim_host_ip> <proxy_port>

Solutions:

If JunctionRewrite is unnecessary, disabling it will suffice to prevent
the Denial of Service. Also if the option UseCookie in the
JunctionRewrite directive is unnecessary disabling it will suffice to
prevent the Denial of Service.

Vendor Response:

IBM opened a case regarding the vulnerability and provided a patch
within 2 weeks of the initial contact.

Contact Information:

For more information regarding the vulnerability feel free to contact
the author at lmeiners@cybsec.com.

For more information regarding CYBSEC: www.cybsec.com


----------------------------
Leandro Meiners
CYBSEC S.A. Security Systems
E-mail: lmeiners@cybsec.com
Tel/Fax: [54-11] 4382-1600
Web: http://www.cybsec.com

--=-sYKUIvIZvaIrXDoz8qSa
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.0.10">
</HEAD>
<BODY>
The following advisory is also available in pdf for download at http://<A HREF="http://www.cybsec.com">www.cybsec.com</A>/vuln/IBM-WebSphere-Edge-Server-DOS.pdf<BR>
<BR>
CYBSEC S.A.<BR>
www.cybsec.com<BR>
<BR>
Advisory Name: Denial of Service in WebSphere Edge Server.<BR>
Vulnerability Class: Denial of Service<BR>
Release Date: June 2nd 2004<BR>
Affected Applications: &nbsp;
<UL>
<LI>WebSphere Edge Components Caching Proxy 5.02 using JunctionRewrite with UseCookiedirective.
</UL>
Not Affected Applications:
<UL>
<LI>WebSphere Edge Components Caching Proxy 5.02 NOT using JunctionRewrite with UseCookie directive. &nbsp;
<LI>WebSphere Edge Components Caching Proxy 5.00
</UL>
Affected Platforms:
<UL>
<LI>SUSE SLES 8
<LI>SUSE SLES 8 Service Pack 1
<LI>SUSE SLES 8 Service Pack 3
<LI>SUSE SLES 8 Service Pack 3
<LI>Apparently all platforms running WebSphere Edge Server
</UL>
Local / Remote: Remote<BR>
Severity: High<BR>
Author: Leandro Meiners.<BR>
Vendor Status:
<UL>
<LI>Fix included in WebSphere Application Server 5.0.3 (to be released)
<LI>Patch available from IBM for clients with Support Level 2 or 3
</UL>
Reference to Vulnerability Disclosure Policy: <BR>
http://www.cybsec.com/vulnerability_policy.pdf<BR>
<BR>
Overview:<BR>
<BR>
WebSphere Edge Component Caching Proxy, part of WebSphere Application Sever, is a reverse proxy designed to reduce bandwidth use and improve a Web site's speed and reliability by providing a point-of-presence node for one or more back-end content servers. It is built to work with content provided by one or more backend WebSphere Application Servers.<BR>
<BR>
Vulnerability Description:<BR>
<BR>
The vulnerability discovered allows a remote attacker to generate a denial of service condition against the WebSphere Edge Component Caching Proxy. <BR>
<BR>
If the reverse proxy is configured with the JunctionRewrite directive being active, a remote attacker can trivially cause a denial of service by executing the GET HTTP method without parameters.<BR>
<BR>
Exploit:<BR>
<BR>
$ echo “GET” | nc <victim_host_ip> <proxy_port><BR>
<BR>
Solutions:<BR>
<BR>
If JunctionRewrite is unnecessary, disabling it will suffice to prevent the Denial of Service. Also if the option UseCookie in the JunctionRewrite directive is unnecessary disabling it will suffice to prevent the Denial of Service.<BR>
<BR>
Vendor Response:<BR>
<BR>
IBM opened a case regarding the vulnerability and provided a patch within 2 weeks of the initial contact.<BR>
<BR>
Contact Information:<BR>
<BR>
For more information regarding the vulnerability feel free to contact the author at <A HREF="mailto:lmeiners@cybsec.com"><U>lmeiners@cybsec.com</U></A>.<BR>
<BR>
For more information regarding CYBSEC: <A HREF="http://www.cybsec.com"><U>www.cybsec.com</U></A><BR>
<BR>
<BR>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
<TT>----------------------------<BR>
Leandro Meiners<BR>
CYBSEC S.A. Security Systems<BR>
E-mail: <A HREF="mailto:lmeiners@cybsec.com"><U>lmeiners@cybsec.com</U></A><BR>
Tel/Fax: [54-11] 4382-1600<BR>
Web: <A HREF="http://www.cybsec.com"><U>http://www.cybsec.com</TT></U></A>
</TD>
</TR>
</TABLE>

</BODY>
</HTML>

--=-sYKUIvIZvaIrXDoz8qSa--

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close