cnvd - cnvd-2018-17070

cnvd-2018-17070

Vulnerability from cnvd

Title: IBM WebSphere Application Server Liberty信息泄露漏洞（CNVD-2018-17070）

Description:

IBM WebSphere Application Server（WAS）是美国IBM公司开发并发行的一款应用服务器产品，它是Java EE和Web服务应用程序的平台，也是IBM WebSphere软件平台的基础。Liberty是WAS的一个动态服务器配置文件。

IBM WAS Liberty中存在信息泄露漏洞，该漏洞源于在Liberty配置使用Java Authentication SPI for Containers时，程序未能正确地进行传输。远程攻击者可利用该漏洞获取敏感信息。

Severity: 中

Patch Name: IBM WebSphere Application Server Liberty信息泄露漏洞（CNVD-2018-17070）的补丁

Patch Description:

IBM WAS Liberty中存在信息泄露漏洞，该漏洞源于在Liberty配置使用Java Authentication SPI for Containers时，程序未能正确地进行传输。远程攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www-01.ibm.com/support/docview.wss?uid=ibm10728689

Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-1755

Impacted products

Name
IBM WebSphere Application Server（WAS）

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "105150"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1755",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1755"
    }
  },
  "description": "IBM WebSphere Application Server\uff08WAS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u5f00\u53d1\u5e76\u53d1\u884c\u7684\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\uff0c\u5b83\u662fJava EE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBM WebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002Liberty\u662fWAS\u7684\u4e00\u4e2a\u52a8\u6001\u670d\u52a1\u5668\u914d\u7f6e\u6587\u4ef6\u3002\r\n\r\nIBM WAS Liberty\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728Liberty\u914d\u7f6e\u4f7f\u7528Java Authentication SPI for Containers\u65f6\uff0c\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fdb\u884c\u4f20\u8f93\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "IBM",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www-01.ibm.com/support/docview.wss?uid=ibm10728689",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-17070",
  "openTime": "2018-08-31",
  "patchDescription": "IBM WebSphere Application Server\uff08WAS\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u5f00\u53d1\u5e76\u53d1\u884c\u7684\u4e00\u6b3e\u5e94\u7528\u670d\u52a1\u5668\u4ea7\u54c1\uff0c\u5b83\u662fJava EE\u548cWeb\u670d\u52a1\u5e94\u7528\u7a0b\u5e8f\u7684\u5e73\u53f0\uff0c\u4e5f\u662fIBM WebSphere\u8f6f\u4ef6\u5e73\u53f0\u7684\u57fa\u7840\u3002Liberty\u662fWAS\u7684\u4e00\u4e2a\u52a8\u6001\u670d\u52a1\u5668\u914d\u7f6e\u6587\u4ef6\u3002\r\n\r\nIBM WAS Liberty\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728Liberty\u914d\u7f6e\u4f7f\u7528Java Authentication SPI for Containers\u65f6\uff0c\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u5730\u8fdb\u884c\u4f20\u8f93\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM WebSphere Application Server Liberty\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-17070\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "IBM WebSphere Application Server\uff08WAS\uff09"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-1755",
  "serverity": "\u4e2d",
  "submitTime": "2018-08-28",
  "title": "IBM WebSphere Application Server Liberty\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2018-17070\uff09"
}

CVE-2018-1755 (GCVE-0-2018-1755)

Vulnerability from cvelistv5

Published

2018-08-24 11:00

Modified

2024-09-16 20:16

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE

Obtain Information

Summary

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication.

References

▼	URL	Tags
	https://exchange.xforce.ibmcloud.com/vulnerabilities/148597	vdb-entry, x_refsource_XF
	http://www.securitytracker.com/id/1041558	vdb-entry, x_refsource_SECTRACK
	https://www.ibm.com/support/docview.wss?uid=ibm10728689	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105150	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	WebSphere Application Server	Version: Liberty

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-websphere-cve20181755-info-disc(148597)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148597"
          },
          {
            "name": "1041558",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041558"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728689"
          },
          {
            "name": "105150",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105150"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebSphere Application Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "Liberty"
            }
          ]
        }
      ],
      "datePublic": "2018-08-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:N/AC:H/AV:N/C:H/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-28T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-websphere-cve20181755-info-disc(148597)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148597"
        },
        {
          "name": "1041558",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041558"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728689"
        },
        {
          "name": "105150",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105150"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-08-22T00:00:00",
          "ID": "CVE-2018-1755",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WebSphere Application Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Liberty"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-websphere-cve20181755-info-disc(148597)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148597"
            },
            {
              "name": "1041558",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041558"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10728689",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10728689"
            },
            {
              "name": "105150",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105150"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1755",
    "datePublished": "2018-08-24T11:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T20:16:23.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted