Nessus / Tenable / 9716.PRM
Oct 26, 2016 - 12:00 a.m.

IBM WebSphere Application Server 8.5 < 8.5.5.6 Multiple Vulnerabilities (FREAK)

www.tenable.com

The remote host appears to be running IBM WebSphere Application Server 8.5 prior to 8.5.5.6. Such versions are potentially affected by multiple issues:

  • A flaw exists that is triggered when deployment descriptor security constraints are combined with ServletSecurity annotations on a servlet. This may allow a remote attacker to gain elevated privileges. (CVE-2014-8890)
  • A security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), exists in the IBM Global Security Kit (GSKit) due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A man-in-the-middle (MitM) attacker may be able to downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites, whose keys can be factored in a short amount of time, allowing the attacker to intercept and decrypt the traffic. (CVE-2015-0138)
  • An information disclosure vulnerability exists due to a flaw in the Bleichenbacher countermeasure implementation in Apache WSS4J. A remote attacker can exploit this, via a crafted message, to determine where an encryption failure took place, allowing the attacker to gain access to the plaintext symmetric key. (CVE-2015-0226)
  • An XML External Entity (XXE) vulnerability exists due to an incorrectly configured XML parser that accepts XML external entities from an untrusted source. A remote attacker can exploit this, via specially crafted XML data, to gain access to arbitrary files. (CVE-2015-0250)
  • A privilege escalation vulnerability exists due to a flaw that occurs in ‘full’ profile and ‘liberty’ profile when using an OAuth grant password. A remote attacker can exploit this to gain elevated privileges. (CVE-2015-1885)
  • A privilege escalation vulnerability exists due to incorrect settings in the ‘serveServletsbyClassname’ functionality. A remote attacker can exploit this to gain elevated privileges. (CVE-2015-1927)
  • An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to identify the proxy server software by reading the HTTP ‘Via’ header. (CVE-2015-1932)
  • An unspecified flaw exists in the administrative console that allows a remote attacker, via the ‘JSESSIONID’ parameter, to hijack a user’s session. (CVE-2015-1936)
  • A privilege escalation vulnerability exists due to an unspecified flaw that occurs when handling user roles. A local attacker can exploit this to gain elevated privileges. (CVE-2015-1946)
  • A security feature bypass vulnerability exists, known as Bar Mitzvah, due to improper combination of state data with key data by the RC4 cipher algorithm during the initialization phase. A MitM attacker can exploit this, via a brute-force attack using LSB values, to decrypt the traffic. (CVE-2015-2808)
  • An unspecified flaw exists that allows an unauthenticated, remote attacker to spoof servlets or disclose sensitive information. (CVE-2015-4938)
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| ibm | websphere_application_server | | cpe:/a:ibm:websphere_application_server |