IBM WebSphere Application Server Multiple Vulnerabilities


Description   A weakness and multiple vulnerabilities have been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose certain sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).
For more information:
SA62590
SA63006 (#2)
SA63589
SA64105 (#10, #13)
SA64227
SA64402 (#3)
The weakness and vulnerabilities are reported in versions 8.5.0.0 through 8.5.5.5 (please see the vendor's advisories for the list of affected editions for each CVE).
Vulnerable Products   Vulnerable Software:
IBM WebSphere Application Server 8.5.x
     
Solution   Apply APARs PI33012, PI38302, and PI39865 or update to version 8.5.5.6 (Fix pack 6) when available (scheduled to be released on June 26, 2015).
     
CVE   CVE-2015-2808
CVE-2015-1920
CVE-2015-1916
CVE-2015-0488
CVE-2015-0478
CVE-2015-0204
CVE-2015-0138
CVE-2014-8917
     
References   IBM (PI33012, PI38302, PI39865):
http://www.ibm.com/support/docview.wss?uid=swg21697284
http://www.ibm.com/support/docview.wss?uid=swg21883573
http://www.ibm.com/support/docview.wss?uid=swg21902260
     
Vulnerability Manager Detection   No
     
IPS Protection

ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements | 5.0.0
Risk level   Moderate

Vulnerability First Public Report Date   2015-03-30

Target Type   Server

Possible exploit   Remote