Title: IBM WebSphere JSP Root Password Disclosure Vulnerability
Severity: HIGH
Description:
IBM WebSphere is a commercial web application server which runs on a number of platforms.
A serious vulnerability has been discovered in IBM WebSphere Application Server which may allow a local attacker to gain elevated privileges.
On AIX, Linux and Sun systems the root password is stored in plaintext in $WASROOT/properties/sas.server.props. The file itself is not readable by non-root users, but in a default installation IBM WebSphere runs as root, so every servlet and JSP the server compiles and executes also runs with root privileges. An unprivileged local user who can place a JSP where the server will execute it can therefore have the server read $WASROOT/properties/sas.server.props on their behalf and recover the root password.
The file permissions are not the underlying weakness: because the server runs as root, any JSP it executes already runs as root, so reading the password file is only one of many ways a local unprivileged user can escalate privileges on such a host. The same default also turns any remotely exploitable arbitrary-code-execution flaw in IBM WebSphere into a remote root compromise.
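The following shell script is an added audit check, not code from the advisory or from IBM: given a copy of the properties file and a process listing, it reports the three conditions the description combines (a plaintext com.ibm.CORBA.loginPassword value, a file mode that lets non-root users read it, and a WebSphere JVM running as root). The property key, the "{xor}" marker that later releases use for obfuscated values, and the default $WASROOT of /usr/WebSphere/AppServer are assumptions; the sample properties file and ps output it runs on are constructed.

```sh
#!/bin/sh
# Added audit helper for the condition described in the advisory. Not IBM code.
# Assumptions (labelled): the credential lives in $WASROOT/properties/sas.server.props
# under the key com.ibm.CORBA.loginPassword, later releases mark obfuscated values
# with a leading "{xor}", and $WASROOT defaults to /usr/WebSphere/AppServer.
WASROOT="${WASROOT:-/usr/WebSphere/AppServer}"   # assumed default install root

# Returns 0 when FILE stores a loginPassword that is not obfuscated (the plaintext
# condition the advisory describes); 1 when the key is absent or "{xor}"-encoded;
# 2 when the file cannot be read (a correct install is 0600, so audit as root).
has_plaintext_password() {
    file="$1"
    [ -r "$file" ] || return 2
    pw=$(grep -v '^[[:space:]]*#' "$file" \
        | sed -n 's/^[[:space:]]*com\.ibm\.CORBA\.loginPassword[[:space:]]*=[[:space:]]*//p' \
        | head -n 1)
    [ -n "$pw" ] || return 1
    case "$pw" in
        '{xor}'*) return 1 ;;   # obfuscated value, not the plaintext case
        *)        return 0 ;;
    esac
}

# Returns 0 when FILE is readable by its owner only (group/other bits all clear),
# 1 otherwise. Parses ls(1) so it behaves the same on AIX, Linux and Solaris.
owner_only_mode() {
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Reads "user command" lines on stdin, as printed by `ps -eo user=,args=`, and
# returns 0 if a Java process whose command line mentions WebSphere runs as root.
websphere_runs_as_root() {
    awk '$1 == "root" && /java/ && /WebSphere/ { found = 1 }
         END { if (found) exit 0; exit 1 }'
}

# Audits one properties file plus a saved process listing; returns the number of
# findings so the value doubles as an exit status (0 means nothing found).
audit_websphere() {
    props="$1"; pslist="$2"; findings=0
    if has_plaintext_password "$props"; then
        echo "FINDING: $props stores com.ibm.CORBA.loginPassword in plaintext"
        findings=$((findings + 1))
    fi
    if ! owner_only_mode "$props"; then
        echo "FINDING: $props is readable by group/other"
        findings=$((findings + 1))
    fi
    if websphere_runs_as_root < "$pslist"; then
        echo "FINDING: WebSphere JVM runs as root; every JSP it executes runs as root"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then echo "OK: no findings"; fi
    return "$findings"
}

# Demonstration on constructed input (no real WebSphere install required).
demo_audit() {
    props=$(mktemp); pslist=$(mktemp)
    cat > "$props" <<'EOF'
# constructed sample of $WASROOT/properties/sas.server.props (WAS 3.x style)
com.ibm.CORBA.loginUserid=root
com.ibm.CORBA.loginPassword=s3cret
EOF
    chmod 600 "$props"
    # constructed `ps -eo user=,args=` line: the admin server JVM owned by root
    printf 'root /usr/WebSphere/AppServer/java/bin/java com.ibm.ejs.sm.server.AdminServer\n' > "$pslist"
    audit_websphere "$props" "$pslist"
    rc=$?
    rm -f "$props" "$pslist"
    return $rc
}

demo_audit   # reports two findings on the constructed sample: plaintext password, root JVM
```

On a real host, run it as root and point audit_websphere at $WASROOT/properties/sas.server.props and at a file written with `ps -eo user=,args=`; a non-root run cannot open a correctly protected file and has_plaintext_password returns 2 rather than a false "OK". Because the third check fires whenever the JVM is root, the verdict stays nonzero even after the password file is fixed, which matches the description: the root-owned JVM, not the file, is what gives a JSP author root.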
Affected Products:
- IBM WebSphere Application Server 3.0.0
- IBM WebSphere Application Server 3.0.0.2.2
- IBM WebSphere Application Server 3.0.0.2.3
- IBM WebSphere Application Server 3.0.0.2.4
- IBM WebSphere Application Server 3.0.2
- IBM WebSphere Application Server 3.0.2.1
- IBM WebSphere Application Server 3.5.0
- IBM WebSphere Application Server 3.5.1
- IBM WebSphere Application Server 3.5.2
- IBM WebSphere Application Server 3.5.3
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.