IBM-WebSphere-Edge-Server-DOS.txt

IBM-WebSphere-Edge-Server-DOS.txt: Posted Jul 2, 2004; Authored by Leandro Meiners | Site cybsec.com; CYBSEC Security Advisory - A vulnerability has been discovered that allows a remote attacker to generate a denial of service condition against the IBM WebSphere Edge Component Caching Proxy. If the reverse proxy is configured with the JunctionRewrite directive being active, a remote attacker can trivially cause a denial of service by executing the GET HTTP method without parameters. Affected systems: WebSphere Edge Components Caching Proxy 5.02 using JunctionRewrite with UseCookiedirective.; tags | advisory, remote, web, denial of service; SHA-256 | a94bce55cdff38e98dc5afca9cd308f0f3e7bef5a5d9d2931d475ac1018b3c85; Download | Favorite | View

IBM-WebSphere-Edge-Server-DOS.txt


--=-sYKUIvIZvaIrXDoz8qSa
Content-Type: text/plain; charset=iso-8859-13
Content-Transfer-Encoding: quoted-printable

The following advisory is also available in pdf for download at
http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf

CYBSEC S.A.
www.cybsec.com

Advisory Name: Denial of Service in WebSphere Edge Server.
Vulnerability Class: Denial of Service
Release Date: June 2nd 2004
Affected Applications: =20

      * WebSphere Edge Components Caching Proxy 5.02 using
        JunctionRewrite with UseCookiedirective.=20

Not Affected Applications:

      * WebSphere Edge Components Caching Proxy 5.02 NOT using
        JunctionRewrite with UseCookie directive. =20
      * WebSphere Edge Components Caching Proxy 5.00

Affected Platforms:=20

      * SUSE SLES 8=20
      * SUSE SLES 8 Service Pack 1
      * SUSE SLES 8 Service Pack 3
      * SUSE SLES 8 Service Pack 3
      * Apparently all platforms running WebSphere Edge Server

Local / Remote: Remote
Severity: High
Author:  Leandro Meiners.
Vendor Status: =20

      * Fix included in WebSphere Application Server 5.0.3 (to be
        released)
      * Patch available from IBM for clients with Support Level 2 or 3

Reference to Vulnerability Disclosure Policy:=20
http://www.cybsec.com/vulnerability_policy.pdf

Overview:

WebSphere Edge Component Caching Proxy, part of WebSphere Application
Sever, is a reverse proxy designed to reduce bandwidth use and improve a
Web site's speed and reliability by providing a point-of-presence node
for one or more back-end content servers. It is built to work with
content provided by one or more backend WebSphere Application Servers.

Vulnerability Description:

The vulnerability discovered allows a remote attacker to generate a
denial of service condition against the WebSphere Edge Component Caching
Proxy.=20

If the reverse proxy is configured with the JunctionRewrite directive
being active, a remote attacker can trivially cause a denial of service
by executing the GET HTTP method without parameters.

Exploit:

$ echo =B4GET=A1 | nc <victim_host_ip> <proxy_port>

Solutions:

If JunctionRewrite is unnecessary, disabling it will suffice to prevent
the Denial of Service. Also if the option UseCookie in the
JunctionRewrite directive is unnecessary disabling it will suffice to
prevent the Denial of Service.

Vendor Response:

IBM opened a case regarding the vulnerability and provided a patch
within 2 weeks of the initial contact.

Contact Information:

For more information regarding the vulnerability feel free to contact
the author at lmeiners@cybsec.com.

For more information regarding CYBSEC: www.cybsec.com


----------------------------
Leandro Meiners
CYBSEC S.A. Security Systems
E-mail: lmeiners@cybsec.com
Tel/Fax: [54-11] 4382-1600
Web: http://www.cybsec.com

--=-sYKUIvIZvaIrXDoz8qSa
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
  <META NAME="GENERATOR" CONTENT="GtkHTML/3.0.10">
</HEAD>
<BODY>
The following advisory is also available in pdf for download at http://<A HREF="http://www.cybsec.com">www.cybsec.com</A>/vuln/IBM-WebSphere-Edge-Server-DOS.pdf<BR>
<BR>
CYBSEC S.A.<BR>
www.cybsec.com<BR>
<BR>
Advisory Name: Denial of Service in WebSphere Edge Server.<BR>
Vulnerability Class: Denial of Service<BR>
Release Date: June 2nd 2004<BR>
Affected Applications: &nbsp;
<UL>
    <LI>WebSphere Edge Components Caching Proxy 5.02 using JunctionRewrite with UseCookiedirective. 
</UL>
Not Affected Applications:
<UL>
    <LI>WebSphere Edge Components Caching Proxy 5.02 NOT using JunctionRewrite with UseCookie directive. &nbsp;
    <LI>WebSphere Edge Components Caching Proxy 5.00
</UL>
Affected Platforms: 
<UL>
    <LI>SUSE SLES 8 
    <LI>SUSE SLES 8 Service Pack 1
    <LI>SUSE SLES 8 Service Pack 3
    <LI>SUSE SLES 8 Service Pack 3
    <LI>Apparently all platforms running WebSphere Edge Server
</UL>
Local / Remote: Remote<BR>
Severity: High<BR>
Author:  Leandro Meiners.<BR>
Vendor Status:  
<UL>
    <LI>Fix included in WebSphere Application Server 5.0.3 (to be released)
    <LI>Patch available from IBM for clients with Support Level 2 or 3
</UL>
Reference to Vulnerability Disclosure Policy: <BR>
http://www.cybsec.com/vulnerability_policy.pdf<BR>
<BR>
Overview:<BR>
<BR>
WebSphere Edge Component Caching Proxy, part of WebSphere Application Sever, is a reverse proxy designed to reduce bandwidth use and improve a Web site's speed and reliability by providing a point-of-presence node for one or more back-end content servers. It is built to work with content provided by one or more backend WebSphere Application Servers.<BR>
<BR>
Vulnerability Description:<BR>
<BR>
The vulnerability discovered allows a remote attacker to generate a denial of service condition against the WebSphere Edge Component Caching Proxy. <BR>
<BR>
If the reverse proxy is configured with the JunctionRewrite directive being active, a remote attacker can trivially cause a denial of service by executing the GET HTTP method without parameters.<BR>
<BR>
Exploit:<BR>
<BR>
$ echo “GET” | nc <victim_host_ip> <proxy_port><BR>
<BR>
Solutions:<BR>
<BR>
If JunctionRewrite is unnecessary, disabling it will suffice to prevent the Denial of Service. Also if the option UseCookie in the JunctionRewrite directive is unnecessary disabling it will suffice to prevent the Denial of Service.<BR>
<BR>
Vendor Response:<BR>
<BR>
IBM opened a case regarding the vulnerability and provided a patch within 2 weeks of the initial contact.<BR>
<BR>
Contact Information:<BR>
<BR>
For more information regarding the vulnerability feel free to contact the author at <A HREF="mailto:lmeiners@cybsec.com"><U>lmeiners@cybsec.com</U></A>.<BR>
<BR>
For more information regarding CYBSEC: <A HREF="http://www.cybsec.com"><U>www.cybsec.com</U></A><BR>
<BR>
<BR>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
<TT>----------------------------<BR>
Leandro Meiners<BR>
CYBSEC S.A. Security Systems<BR>
E-mail: <A HREF="mailto:lmeiners@cybsec.com"><U>lmeiners@cybsec.com</U></A><BR>
Tel/Fax: [54-11] 4382-1600<BR>
Web: <A HREF="http://www.cybsec.com"><U>http://www.cybsec.com</TT></U></A>
</TD>
</TR>
</TABLE>

</BODY>
</HTML>

--=-sYKUIvIZvaIrXDoz8qSa--

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 65 files
LiquidWorm 25 files
Debian 18 files
indoushka 15 files
Apple 10 files
Google Security Research 7 files
Gentoo 5 files
Emiliano Febbi 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,813)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,236)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,965)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

IBM-WebSphere-Edge-Server-DOS.txt

IBM-WebSphere-Edge-Server-DOS.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

IBM-WebSphere-Edge-Server-DOS.txt

Share This

IBM-WebSphere-Edge-Server-DOS.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems