IBM WebSphere Caching Proxy DoS

2002-10-23T12:16:08
ID OSVDB:2090
Type osvdb
Reporter OSVDB
Modified 2002-10-23T12:16:08

Description

Vulnerability Description

IBM Web Traffic Express (WTE) is a Web caching proxy server that is included as a component in the WebSphere Edge Server. IBM Web Traffic Express versions 4.x (included with IBM WebSphere Edge Server version 2.0) and 3.6 are vulnerable to a denial of service attack. If a remote attacker sends a specially-crafted HTTP request to the /cgi-bin/helpout.exe script, the attacker would cause the proxy server (ibmproxy.exe) to crash.

Technical Description

The Caching Proxy component of IBM's WebSphere Edge Server v2.0 is vulnerable to a denial-of-service attack against one of the default CGI programs. A malformed HTTP request for /cgi-bin/helpout.exe will cause ibmproxy.exe to crash and cease functioning.

GET /cgi-bin/helpout.exe HTTP

Solution Description

A suggested workaround is to move the '/cgi-bin/helpout.exe' file to a non-executable directory until a fix has been applied.

Users are advised to install Caching Proxy efix build 4.0.1.26. Users of Caching Proxy Server 3.6 are advised to contact their vendor for information about obtaining fixes.

Short Description

IBM Web Traffic Express (WTE) is a Web caching proxy server that is included as a component in the WebSphere Edge Server. IBM Web Traffic Express versions 4.x (included with IBM WebSphere Edge Server version 2.0) and 3.6 are vulnerable to a denial of service attack. If a remote attacker sends a specially-crafted HTTP request to the /cgi-bin/helpout.exe script, the attacker would cause the proxy server (ibmproxy.exe) to crash.

Manual Testing Notes

Create a connection to port 80 on the target host and run GET /cgi-bin/helpout.exe HTTP/1.0 If system crashes, it is most likely vulnerable.

References:

Vendor Specific Advisory URL Nessus Plugin ID:11162 ISS X-Force ID: 10452 CVE-2002-1169 Bugtraq ID: 6002