-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2543
           Multiple Vulnerabilities in IBM Sterling B2B Integrator
                               28 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Sterling B2B Integrator
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   IBM i
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Unauthorised Access             -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-12538 CVE-2018-12536 CVE-2018-5429
                   CVE-2017-7658 CVE-2017-7657 CVE-2017-7656
                   CVE-2016-2171 CVE-2016-0712 CVE-2016-0711
                   CVE-2016-0710 CVE-2016-0709 CVE-2015-5254
                   CVE-2014-3600 CVE-2014-3596 CVE-2014-3576
                   CVE-2012-5784 CVE-2011-5034 CVE-2011-4905
                   CVE-2008-0732 CVE-2007-5797 CVE-2007-4548
                   CVE-2006-0254
Reference:         ASB-2017.0169
                   ASB-2017.0104.2
                   ESB-2017.2415
                   ESB-2016.0456
                   ESB-2015.1317

Original Bulletin:
   https://www.ibm.com/support/docview.wss?uid=ibm10728833
   https://www.ibm.com/support/docview.wss?uid=ibm10728839
   https://www.ibm.com/support/docview.wss?uid=ibm10728841
   https://www.ibm.com/support/docview.wss?uid=ibm10728893
   https://www.ibm.com/support/docview.wss?uid=ibm10728823
   https://www.ibm.com/support/docview.wss?uid=ibm10728825

Comment: This bulletin contains six (6) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Multiple Security Vulnerabilities in ActiveMQ Affect IBM
Sterling B2B Integrator

Software version: 5.2.0.1 - 5.2.6.3
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows
Reference #: 0728833
Modified date: 27 August 2018

Security Bulletin

Summary

There are multiple security vulnerabilities in ActiveMQ that affect IBM
Sterling B2B Integrator.

Vulnerability Details

CVEID: CVE-2011-4905
DESCRIPTION: Apache ActiveMQ is vulnerable to a denial of service, caused by
an error in the failover mechanism when handling an openwire connection
request. By sending a specially-crafted request, a remote attacker could
exploit this vulnerability to cause the broker service to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/71620 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2012-5784
DESCRIPTION: Apache Axis 1.4, as used in multiple products, could allow a
remote attacker to conduct spoofing attacks, caused by the failure to verify
that the server hostname matches a domain name in the subject's Common Name
(CN) field of the X.509 certificate. An attacker could exploit this
vulnerability using man-in-the-middle techniques to spoof an SSL server and
launch further attacks against a vulnerable target.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/79829 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-3576
DESCRIPTION: Apache ActiveMQ is vulnerable to a denial of service, caused by
an error in the processControlCommand function in
broker/TransportConnection.java. A remote attacker could use the shutdown
command to shut down the service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107290 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2014-3600
DESCRIPTION: Apache ActiveMQ could allow a remote attacker to obtain
sensitive information, caused by an XML External Entity Injection (XXE)
error when processing XML data. By sending specially-crafted XML data to
specify an XPath based selector, an attacker could exploit this
vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100722 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-5254
DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute
arbitrary code on the system, caused by the failure to restrict the classes
that can be serialized in the broker. An attacker could exploit this
vulnerability using a specially crafted serialized Java Message Service
(JMS) ObjectMessage object to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109632 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

No

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

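The CVE-2015-5254 entry above describes the root cause as a broker that reconstructs whatever class a serialized ObjectMessage names. The fix class for that bug is an allow-list consulted before any object is built. The block below is an added illustration of that pattern, not ActiveMQ or IBM code; because Python's pickle has the same "any named class gets instantiated" property as Java serialization, it uses pickle to show the check. The OrderEvent and AdminCommand types and both payloads are constructed for this example.

```python
"""Allow-listed deserialisation: only classes on an explicit allow-list may
be reconstructed from an untrusted message. Added example, not ActiveMQ or
IBM code; types and payloads below are constructed for illustration.
"""
import io
import pickle
from dataclasses import dataclass


@dataclass
class OrderEvent:
    """Hypothetical message type the consumer expects to receive."""
    order_id: str
    amount_cents: int


class AdminCommand:
    """Hypothetical type that exists in the application but must never be
    built from an untrusted message."""
    def __init__(self, command: str):
        self.command = command


# (module, qualified name) pairs that may be reconstructed. Nothing else,
# whether a builtin, a stdlib class or an application class, gets through.
TRUSTED_CLASSES = {(OrderEvent.__module__, "OrderEvent")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every global the payload references; refuse unknown
        # ones before any constructor or reduce callable can run.
        if (module, name) in TRUSTED_CLASSES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to load {module}.{name}: not in allow-list")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify(data: bytes):
    """Return ("accepted", obj) or ("refused", reason) for one payload."""
    try:
        return ("accepted", safe_loads(data))
    except pickle.UnpicklingError as exc:
        return ("refused", str(exc))


# Constructed payloads: a benign message and one naming a class that is
# present in the application but not on the allow-list.
BENIGN = pickle.dumps(OrderEvent("A-1001", 2599))
UNTRUSTED = pickle.dumps(AdminCommand("reload-config"))

if __name__ == "__main__":
    print(classify(BENIGN))       # ('accepted', OrderEvent(...))
    print(classify(UNTRUSTED))    # ('refused', 'refusing to load ...AdminCommand ...')
    # The unrestricted loader builds the AdminCommand without complaint,
    # which is exactly the gap the allow-list closes.
    print(type(pickle.loads(UNTRUSTED)).__name__)
```

The allow-list is keyed on module and class name rather than on "is it Serializable", because the dangerous classes in a deserialization chain are usually legitimate, serializable library types. In ActiveMQ itself the equivalent control is the org.apache.activemq.SERIALIZABLE_PACKAGES system property, which limits the packages an ObjectMessage may be deserialized from; the upgrade the bulletin prescribes ships a broker with that restriction.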
- -------------------------------------------------------------------------------

Security Bulletin: Multiple Security Vulnerabilities in Apache Axis Affect
IBM Sterling B2B Integrator (CVE-2014-3596, CVE-2012-5784)

Software version: 5.2.0.1 - 5.2.6.3
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows
Reference #: 0728839
Modified date: 27 August 2018

Security Bulletin

Summary

IBM Sterling B2B Integrator uses ActiveMQ. ActiveMQ uses Axis and is
vulnerable.

Vulnerability Details

CVEID: CVE-2012-5784
DESCRIPTION: Apache Axis 1.4, as used in multiple products, could allow a
remote attacker to conduct spoofing attacks, caused by the failure to verify
that the server hostname matches a domain name in the subject's Common Name
(CN) field of the X.509 certificate. An attacker could exploit this
vulnerability using man-in-the-middle techniques to spoof an SSL server and
launch further attacks against a vulnerable target.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/79829 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-3596
DESCRIPTION: Apache Axis and Axis2 could allow a remote attacker to conduct
spoofing attacks, caused by an incomplete fix related to the failure to
verify that the server hostname matches a domain name in the subject's
Common Name (CN) field of the X.509 certificate. By persuading a victim to
visit a Web site containing a specially-crafted certificate, an attacker
could exploit this vulnerability using man-in-the-middle techniques to spoof
an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95377 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

No

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

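Both Axis entries above come down to one missing step: after the TLS handshake, confirm that the name the client dialled is one the certificate is actually issued for. The block below is an added example of that check, not Axis or IBM code. It represents a certificate in the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns and applies the usual precedence rules (subjectAltName entries win over the CN; the CN is a fallback only when no DNS SAN exists; wildcards match one label and never a whole name). The two sample certificates are constructed and describe no real server.

```python
"""Hostname verification against a server certificate, the check Axis 1.4
omitted. Added example, not Axis or IBM code; sample certificates are
constructed for illustration.
"""
import ipaddress


def _match_dns_pattern(pattern: str, hostname: str) -> bool:
    """RFC 6125-style DNS-ID matching, case-insensitive. A wildcard is only
    accepted as the entire left-most label, must be followed by at least two
    more labels (so "*" and "*.com" never match) and matches exactly one
    label of the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    if (p_labels[0] != "*" or len(p_labels) < 3
            or any("*" in lab for lab in p_labels[1:])):
        return False
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def _parse_ip(value: str):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def verify_hostname(cert: dict, hostname: str) -> bool:
    """True iff cert is valid for hostname.

    An IP literal must equal an "IP Address" SAN. A DNS name is checked
    against "DNS" SANs whenever any exist; the subject CN is consulted only
    for certificates with no DNS SAN at all. A certificate naming nothing
    never matches (fail closed)."""
    san = cert.get("subjectAltName", ())
    dns_ids = [v for t, v in san if t == "DNS"]
    ip_ids = [_parse_ip(v) for t, v in san if t == "IP Address"]

    ip = _parse_ip(hostname)
    if ip is not None:
        return any(ip == cand for cand in ip_ids if cand is not None)
    if dns_ids:
        return any(_match_dns_pattern(p, hostname) for p in dns_ids)
    cns = [v for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    return bool(cns) and _match_dns_pattern(cns[-1], hostname)


# Constructed sample certificates (shape of ssl.SSLSocket.getpeercert()).
CERT_WITH_SAN = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (
        ("DNS", "api.example.com"),
        ("DNS", "*.cdn.example.com"),
        ("IP Address", "192.0.2.10"),
    ),
}
CERT_CN_ONLY = {
    "subject": ((("countryName", "AU"),), (("commonName", "b2b.example.org"),)),
}

if __name__ == "__main__":
    for cert, host in [(CERT_WITH_SAN, "api.example.com"),
                       (CERT_WITH_SAN, "legacy.example.net"),
                       (CERT_WITH_SAN, "img.cdn.example.com"),
                       (CERT_CN_ONLY, "b2b.example.org")]:
        print(f"{host}: {verify_hostname(cert, host)}")
```

Note the second sample: "legacy.example.net" is the certificate's CN, yet the check returns False because the certificate carries DNS SANs and those take precedence. That is the behaviour the CVE-2014-3596 "incomplete fix" wording points at: a verifier that looks only at the CN, or that accepts any SAN as a match for any name, is still spoofable.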
- -------------------------------------------------------------------------------

Security Bulletin: Multiple Security Vulnerabilities in Apache Geronimo
Affect IBM Sterling B2B Integrator

Software version: 5.2.0.1 - 5.2.6.3
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows
Reference #: 0728841
Modified date: 27 August 2018

Security Bulletin

Summary

Multiple Security Vulnerabilities in Apache Geronimo Affect IBM Sterling B2B
Integrator.

Vulnerability Details

CVEID: CVE-2008-0732
DESCRIPTION: Apache Geronimo could allow a local attacker to obtain
sensitive information, caused by the init script following symlinks during
a chown operation. A local attacker could exploit this vulnerability and
gain unauthorized access to files and directories to obtain sensitive
information.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/40562 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2011-5034
DESCRIPTION: Apache Geronimo is vulnerable to a denial of service, caused by
insufficient randomization of hash data structures. By sending multiple
specially-crafted HTTP POST requests to an affected application containing
conflicting hash key values, a remote attacker could exploit this
vulnerability to cause the consumption of CPU resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/72047 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2006-0254
DESCRIPTION: Apache Geronimo is vulnerable to cross-site scripting, caused
by improper validation of HTML tags by the Web-Access-Log Viewer. A remote
attacker could exploit this vulnerability using a specially-crafted HTTP
request to embed malicious script within the log file which, once the log
file is viewed, would be executed in the administrator's Web browser within
the security context of the hosting Web site, allowing the attacker to steal
the victim's cookie-based authentication credentials.
CVSS Base Score: 2.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/24159 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: ()

CVEID: CVE-2007-5797
DESCRIPTION: Apache Geronimo could allow a remote attacker to bypass
security restrictions, caused by an error in the SQLLoginModule during the
authentication process. By logging into the database with a non-existent
username, a remote attacker could exploit this vulnerability to bypass
authentication and gain unauthorized access to the vulnerable system. Note:
The IBM WebSphere Application Server Community Edition is also affected by
this vulnerability.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/38211 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2007-4548
DESCRIPTION: Apache Geronimo could allow a remote attacker to bypass
security restrictions, caused by the login method in LoginModule
implementations failing to throw an exception for failed logins. A remote
attacker could exploit this vulnerability to bypass authentication and send
a null username and password in the command line deployer of the deployment
module to gain unauthorized access to the vulnerable system.
CVSS Base Score: 7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/36468 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: ()

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

No

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- -------------------------------------------------------------------------------

Security Bulletin: Multiple Security Vulnerabilities in Jetspeed Affect IBM
Sterling B2B Integrator

Software version: 5.2.0.1 - 5.2.6.3
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows
Reference #: 0728893
Modified date: 27 August 2018

Security Bulletin

Summary

There are multiple security vulnerabilities in Jetspeed that affect IBM
Sterling B2B Integrator.

Vulnerability Details

CVEID: CVE-2016-0711
DESCRIPTION: Apache Jetspeed is vulnerable to cross-site scripting, caused
by improper validation of user-supplied input by the add a link, page, or
folder functionality. A remote attacker could exploit this vulnerability to
inject malicious script into a Web page which would be executed in a
victim's Web browser within the security context of the hosting Web site,
once the page is viewed. An attacker could use this vulnerability to steal
the victim's cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111887 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-0712
DESCRIPTION: Apache Jetspeed is vulnerable to cross-site scripting, caused
by improper validation of user-supplied input by the URI path directory. A
remote attacker could exploit this vulnerability using a specially-crafted
URL to execute script in a victim's Web browser within the security context
of the hosting Web site, once the URL is clicked. An attacker could use this
vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111888 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2016-2171
DESCRIPTION: Apache Jetspeed could allow a remote attacker to bypass
security restrictions, caused by the failure to restrict access to the User
Manager REST service. An attacker could exploit this vulnerability to gain
unauthorized access to the application.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111889 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-0710
DESCRIPTION: Apache Jetspeed is vulnerable to SQL injection. A remote
attacker could send specially-crafted SQL statements to the User Manager
service using the user or role parameter, which could allow the attacker to
view, add, modify or delete information in the back-end database.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111886 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2016-0709
DESCRIPTION: Apache Jetspeed could allow a remote attacker to traverse
directories on the system. An attacker could send a specially-crafted URL
request to the Import/Export function in the Portal Site Manager containing
"dot dot" sequences (/../) in a ZIP archive to upload a .jsp file to write
it to a disk and execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111885 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

No

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

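The CVE-2016-0709 entry above is the archive-import form of path traversal: an entry name inside the uploaded ZIP carries "../" segments, and an extractor that joins the name onto its destination directory without normalising it writes outside that directory. The block below is an added example of the containment check an importer needs, not Jetspeed or IBM code. It plans an extraction without writing anything, so each entry can be classified and logged first; the in-memory archive and the /srv/portal destination are constructed for illustration.

```python
"""Safe ZIP extraction planning: every entry name is normalised and checked
against the destination directory before anything is written, so "dot dot"
(../) sequences, absolute paths and backslash variants are refused. Added
example, not Jetspeed or IBM code; archive and destination are constructed.
"""
import io
import os
import posixpath
import re
import zipfile

_DRIVE = re.compile(r"^[A-Za-z]:")


def entry_escapes(dest_root: str, member_name: str) -> bool:
    """True if extracting member_name under dest_root would land outside it."""
    name = member_name.replace("\\", "/")           # ZIP names use '/'; tolerate '\\'
    if name.startswith("/") or _DRIVE.match(name):   # absolute or drive-qualified
        return True
    normalised = posixpath.normpath(name)           # collapses "a/../b", "./x", "//"
    if normalised == ".." or normalised.startswith("../"):
        return True
    root = os.path.realpath(dest_root)
    target = os.path.realpath(os.path.join(root, *normalised.split("/")))
    # Final containment check after the OS has resolved the joined path.
    return os.path.commonpath([root, target]) != root


def plan_extraction(zip_bytes: bytes, dest_root: str):
    """Return (allowed, rejected) lists of entry names; nothing is written."""
    allowed, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            bucket = rejected if entry_escapes(dest_root, info.filename) else allowed
            bucket.append(info.filename)
    return allowed, rejected


def build_sample_archive() -> bytes:
    """Constructed archive: two benign entries and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("site/pages/index.psml", "<page/>")
        zf.writestr("site/folder.metadata", "<folder/>")
        zf.writestr("../../outside.txt", "escaped")
        zf.writestr("site/../../../outside2.txt", "escaped")
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = plan_extraction(build_sample_archive(), "/srv/portal")
    print("allowed:", ok)    # the two site/... entries
    print("rejected:", bad)  # both entries that climb out of /srv/portal
```

The two-stage check matters: normalising the entry name catches the obvious "../" forms, and the realpath/commonpath comparison afterwards catches anything the first stage missed (symlinked directories inside the destination, odd separators), so an entry is accepted only when both agree it stays inside the root. Rejecting rather than silently stripping the traversal also keeps a record of the attempt in the importer's own logs.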
- -------------------------------------------------------------------------------

Security Bulletin: Multiple Security Vulnerabilities in Jetty Affect IBM
Sterling B2B Integrator

Software version: 5.2.0.1 - 5.2.6.3
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows
Reference #: 0728823
Modified date: 27 August 2018

Security Bulletin

Summary

There are multiple security vulnerabilities in Jetty that affect IBM
Sterling B2B Integrator.

Vulnerability Details

CVEID: CVE-2017-7658
DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused
by a flaw when handling more than one Content-Length header. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
poison the web cache, bypass web application firewall protection, and
conduct XSS attacks.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/145522 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2018-12536
DESCRIPTION: Eclipse Jetty could allow a remote attacker to obtain sensitive
information. An attacker could send a specially-crafted URL request to the
java.nio.file.InvalidPathException function using an invalid parameter to
cause an error message to be returned containing the full installation
path. An attacker could use this information to launch further attacks
against the affected system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/145523 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-7656
DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused
by a flaw in the HTTP/1.x Parser. By sending a specially-crafted request,
an attacker could exploit this vulnerability to poison the web cache, bypass
web application firewall protection, and conduct XSS attacks.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/145520 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2017-7657
DESCRIPTION: Eclipse Jetty is vulnerable to HTTP request smuggling, caused
by improper handling of Chunked Transfer-Encoding chunk size. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
poison the web cache, bypass web application firewall protection, and
conduct XSS attacks.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/145521 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2018-12538
DESCRIPTION: Eclipse Jetty could allow a remote attacker to hijack a user's
session, caused by a flaw in the FileSessionDataStore. An attacker could
exploit this vulnerability to gain access to another user's session.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/145321 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

No

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

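The three smuggling entries above (CVE-2017-7658, CVE-2017-7656, CVE-2017-7657) share one root cause: two parsers in the request path can disagree about where a request body ends when the framing headers are ambiguous (more than one Content-Length, Content-Length next to Transfer-Encoding, or a chunk size written in a form one parser tolerates and another does not). The defensive answer is to reject ambiguity outright rather than pick an interpretation. The block below is an added example of such a strict framing check, suitable for a proxy, a WAF rule or a test harness; it is not Jetty or IBM code. The sample requests are constructed, and the 8-hex-digit cap on chunk sizes is this example's own assumption.

```python
"""Strict HTTP/1.1 request framing check: returns the reasons a request
must be rejected instead of guessing which body length was meant. Added
example, not Jetty or IBM code; sample requests are constructed.
"""
from __future__ import annotations
import re

_DIGITS = re.compile(r"^[0-9]+$")
_CHUNK_SIZE = re.compile(r"^[0-9A-Fa-f]{1,8}$")   # assumption: cap at 8 hex digits
_KNOWN_CODINGS = (b"chunked", b"gzip", b"deflate")


def check_framing(raw: bytes) -> list[str]:
    """Return a list of problems; an empty list means the framing is unambiguous."""
    problems: list[str] = []
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["incomplete head"]
    headers = []
    for line in head.split(b"\r\n")[1:]:
        if line[:1] in (b" ", b"\t"):
            problems.append("obsolete line folding")   # RFC 7230 deprecates obs-fold
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            problems.append(f"malformed header line {line!r}")
            continue
        headers.append((name.strip().lower(), value.strip()))

    cl = [v for n, v in headers if n == b"content-length"]
    te = [v for n, v in headers if n == b"transfer-encoding"]
    if te and cl:
        problems.append("both Transfer-Encoding and Content-Length present")
    if len(cl) > 1:
        problems.append("multiple Content-Length headers")   # strict: even if identical
    for v in cl:
        if not _DIGITS.match(v.decode("ascii", "replace")):  # no sign, space or hex
            problems.append(f"invalid Content-Length value {v!r}")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(b",")]
        if (codings[-1] != b"chunked" or codings.count(b"chunked") != 1
                or any(c not in _KNOWN_CODINGS for c in codings)):
            problems.append(f"unsupported or mis-ordered Transfer-Encoding {codings!r}")
        elif not problems:
            problems.extend(_check_chunks(body))
    return problems


def _check_chunks(body: bytes) -> list[str]:
    """Validate chunk-size lines and chunk terminators; trailers are not checked."""
    pos = 0
    while True:
        end = body.find(b"\r\n", pos)
        if end < 0:
            return ["truncated chunk header"]
        size_field = body[pos:end].split(b";", 1)[0]   # drop chunk extensions
        if not _CHUNK_SIZE.match(size_field.decode("ascii", "replace")):
            return [f"invalid chunk size {size_field!r}"]  # rejects ' 5', '+5', '0x5'
        size = int(size_field, 16)
        pos = end + 2
        if size == 0:
            return []
        if body[pos + size:pos + size + 2] != b"\r\n":
            return ["chunk data not terminated by CRLF"]
        pos += size + 2


# Constructed sample requests.
OK_CL = b"POST /api HTTP/1.1\r\nHost: b2b.example\r\nContent-Length: 5\r\n\r\nhello"
DUP_CL = (b"POST /api HTTP/1.1\r\nHost: b2b.example\r\n"
          b"Content-Length: 5\r\nContent-Length: 11\r\n\r\nhello")
TE_AND_CL = (b"POST /api HTTP/1.1\r\nHost: b2b.example\r\nContent-Length: 4\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
OK_CHUNKED = (b"POST /api HTTP/1.1\r\nHost: b2b.example\r\n"
              b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
BAD_CHUNK = (b"POST /api HTTP/1.1\r\nHost: b2b.example\r\n"
             b"Transfer-Encoding: chunked\r\n\r\n 5\r\nhello\r\n0\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("OK_CL", OK_CL), ("DUP_CL", DUP_CL), ("TE_AND_CL", TE_AND_CL),
                       ("OK_CHUNKED", OK_CHUNKED), ("BAD_CHUNK", BAD_CHUNK)]:
        print(label, check_framing(req) or "ok")
```

The check is deliberately stricter than RFC 7230 requires: duplicate Content-Length headers with identical values are rejected too, because the point is not to parse the request correctly but to refuse anything that two independent parsers might frame differently. That is also why a front-end that normalises rather than rejects is the weaker choice: once a request has passed through, the back-end still sees the original bytes.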
- -------------------------------------------------------------------------------

Security Bulletin: Security Vulnerability in TIBCO Jasper Reports Affects IBM
Sterling B2B Integrator (CVE-2018-5429)

Software version: 5.2.0.1 - 5.2.6.3
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows
Reference #: 0728825
Modified date: 27 August 2018

Security Bulletin

Summary

Security vulnerability in TIBCO Jasper Reports affects IBM Sterling B2B
Integrator.

Vulnerability Details

CVEID: CVE-2018-5429
DESCRIPTION: Multiple TIBCO JasperReports products could allow a remote
authenticated attacker to execute arbitrary code on the system, caused by a
flaw in the report scripting component. By sending a specially-crafted
request, an attacker could exploit this vulnerability to execute arbitrary
code with the privileges of the operating system process.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142094 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Sterling B2B Integrator 5.2.0.1 - 5.2.6.3

Remediation/Fixes

+----------------------------+------------------------------------------------+
|PRODUCT & Version           |Remediation/Fix                                 |
+----------------------------+------------------------------------------------+
|IBM Sterling B2B Integrator |Apply IBM Sterling B2B Integrator version       |
|5.2.0.1 - 5.2.6.3           |6.0.0.0 available on Fix Central                |
+----------------------------+------------------------------------------------+

Workarounds and Mitigations

No

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

24 August 2018: Original version published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no responsibility
for consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW4TvH2aOgq3Tt24GAQhn1BAA0XLw9DuPexYygQQFcW81lIDu4YjPPQQ6
Fg4WBQ7wGWHN4cwzPCpLNx9qWwtivf02aooh3rnPPHQ6+2F8rBchxjRXorBmL4wt
8wBvOVHiENqM616WZKnLPEcXXxR1Xkg9bVLOg1MeuEPLuvs7Z+PQXxMsXJAMLdTt
GxN7p0DP7rDobXpNTaJ6sPDXOqn5Wc3mRAgrl55zLR/9okSopOy51wBhvpqDebJx
uGzXS61Zv6SSJiPZUeFgVwsJ/7IzyllGzocIIr4TehrARpy7r89HJuY5WhhyBcUh
9w3UFxSs35Np6fshWZzGmXxjSwhoEPM9AGsnzo1toG3evCiOd8glvM5bn6VgMZkC
00XTT4eWXk6DwW4gnykr08XzNZu79st4kaGjxAlsGxzuCKQUoBeRXtdGeTzv0P5S
Vr3WKGgjTd2RUPWXqK/cXT9j3asSe7gacdobSMxY80oM+4BIoSFuwHlE0hClMFXj
j7JHlN9IS8z9yXh6FiDEaqWUVNZd05TItQWfsasu+xZZdVIgxvh1R8TaFu6Jwcsn
6y73PksMuyms8PG/R2RBhyJlfxZRF4ceZ2T195Ywb7+BiUzt54XtC69GoIcPub3j
cVgfPADoayglXbfCQgGMj0NEpurtf3MxQxWuh1LySCfOctAD6Byji1mSJUfXfe/G
nxxNmjzmLQA=
=Qgil
-----END PGP SIGNATURE-----