IBM WebSphere Application Server CVE-2019-4442 Directory Traversal Vulnerability

Description

IBM WebSphere Application Server is prone to a directory-traversal vulnerability. An attacker can exploit this issue using directory-traversal characters (‘…/’) to access and write arbitrary files or to execute arbitrary files. IBM WebSphere Application Server version 9.0, 8.5, 8.0 and 7.0 are vulnerable.

Technologies Affected

• IBM Tivoli Federated Identity Manager 6.2.2
• IBM Websphere Application Server 7.0
• IBM Websphere Application Server 8.0
• IBM Websphere Application Server 8.5
• IBM Websphere Application Server 9.0

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.

Updates are available. Please see the references or vendor advisory for more information.