Vulnerabilities > CVE-2008-4678 - Resource Management Errors vulnerability in IBM Websphere Application Server

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

ibm

CWE-399

nessus

NVD

Published: 2008-10-22

Updated: 2017-08-08

Summary

The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure."

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Websphere Application Server 6.0.2 IBM Websphere Application Server 6.0.2.1 IBM Websphere Application Server 6.0.2.2 IBM Websphere Application Server 6.0.2.3 IBM Websphere Application Server 6.0.2.4 IBM Websphere Application Server 6.0.2.5 IBM Websphere Application Server 6.0.2.6 IBM Websphere Application Server 6.0.2.9 IBM Websphere Application Server 6.0.2.11 IBM Websphere Application Server 6.0.2.13 IBM Websphere Application Server 6.0.2.15 IBM Websphere Application Server 6.0.2.17 IBM Websphere Application Server 6.0.2.19 IBM Websphere Application Server 6.0.2.23 IBM Websphere Application Server 6.0.2.25 IBM Websphere Application Server 6.0.2.27	16

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Nessus

NASL family	Web Servers
NASL id	WEBSPHERE_6_0_2_31.NASL
description	IBM WebSphere Application Server 6.0.2 before Fix Pack 31 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - By sending a specially crafted HTTP request with the
last seen	2020-06-01
modified	2020-06-02
plugin id	34501
published	2008-10-27
reporter	This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/34501
title	IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(34501); script_version("1.21"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id( "CVE-2008-4111", "CVE-2008-4678", "CVE-2008-4679", "CVE-2009-0434" ); script_bugtraq_id(31839, 31186, 33700); script_xref(name:"Secunia", value:"32296"); script_name(english:"IBM WebSphere Application Server < 6.0.2.31 Multiple Vulnerabilities"); script_summary(english:"Reads the version number from the SOAP port"); script_set_attribute(attribute:"synopsis", value: "The remote application server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "IBM WebSphere Application Server 6.0.2 before Fix Pack 31 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - By sending a specially crafted HTTP request with the 'Host' header field set to more than 256 bytes, it may be possible to crash the remote application server. (PK69371) - An unspecified security exposure vulnerability exists if 'fileServing' feature is enabled. (PK64302) - Web services security fails to honor Certificate Revocation Lists (CRL) configured in Certificate Store Collections. (PK61258) - Provided Performance Monitoring Infrastructur (PMI) is enabled, it may be possible for an local attacker to obtain sensitive information."); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1PK69371"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1PK61258"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24020788"); script_set_attribute(attribute:"solution", value:"Apply Fix Pack 31 (6.0.2.31) or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(200, 287, 399); script_set_attribute(attribute:"plugin_publication_date", value:"2008/10/27"); script_set_attribute(attribute:"patch_publication_date", value:"2008/10/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc."); script_dependencies("websphere_detect.nasl"); script_require_ports("Services/www", 8880, 8881); script_require_keys("www/WebSphere"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:8880); version = get_kb_item("www/WebSphere/"+port+"/version"); if (isnull(version)) exit(1, "Failed to extract the version from the IBM WebSphere Application Server instance listening on port " + port + "."); if (version =~ "^[0-9]+(\.[0-9]+)?$") exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + "."); ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if ( (ver[0] == 6 && ver[1] == 0 && ver[2] < 2) \|\| (ver[0] == 6 && ver[1] == 0 && ver[2] == 2 && ver[3] < 31) ) { if (report_verbosity > 0) { source = get_kb_item_or_exit("www/WebSphere/"+port+"/source"); report = '\n Source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 6.0.2.31' + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } else exit(0, "The WebSphere Application Server "+version+" instance listening on port "+port+" is not affected.");

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 31839 CVE(CAN) ID: CVE-2008-4678,CVE-2008-4679 IBM Websphere应用服务器以Java和Servlet引擎为基础，支持多种HTTP服务，可帮助用户完成从开发、发布到维护交互式的动态网站的所有工作。 IBM WebSphere应用服务器的HTTP Transport组件中的HTTP_Request_Parser方式没有正确地验证用户所提交的HTTP请求。如果远程攻击者在请求中包含有超长的HTTP Host头的话，就可能导致拒绝服务（0C4控制器异常结束和应用程序挂起）。如果将Certificate Store Collections配置为使用证书撤销列表（CRL）的话，WebSphere应用服务器的Web Services Security组件就没有对PKIXBuilderParameters对象调用setRevocationEnabled方式，导致Java安全方式无法检查X.509证书的撤销状态。远程攻击者可以通过发送带有已撤销证书的SOAP消息绕过预期的访问限制。 IBM Websphere Application Server 6.0.x IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://www-01.ibm.com/support/docview.wss?uid=swg27007951 target=_blank>http://www-01.ibm.com/support/docview.wss?uid=swg27007951</a> <a href=http://www-01.ibm.com/support/docview.wss?uid=swg27006876 target=_blank>http://www-01.ibm.com/support/docview.wss?uid=swg27006876</a>
id	SSV:4346
last seen	2017-11-19
modified	2008-10-27
published	2008-10-27
reporter	Root
title	IBM WebSphere应用服务器拒绝服务及绕过安全限制漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Seebug

References