Security vulnerabilities have been discovered in the IBM Rational Directory Server (RDS) Help system shipped with the RDS product. When the Help file is opened in Rational Directory Administrator (RDA), the 'href' parameter of advanced/deferredView.jsp causes the following security vulnerabilities: Open Redirect and Cross-Site Scripting.
Below are the security vulnerabilities found in the RDS help (menu 'Help' -> 'Help' item in the RDA window):
- Open Redirect:
If the product is vulnerable, the browser is redirected to the Google home page.
- Cross-Site Scripting:
If the product is vulnerable, an alert/dialog box pops up containing some garbage text.
These vulnerabilities affect all versions of RDA (Tivoli) and RDA (Apache). The complete fix for this issue will be delivered through different release cycles:
- RDA Tivoli: RDS 184.108.40.206 iFix02 is scheduled to be released on 21st June 2012
- RDA Apache: a fix pack release, RDS 220.127.116.11, is planned for the end of August 2012
In the meantime, the risk can be mitigated by following the steps below.
- Download the rds-help.zip file and extract rds-help.war from it.
- Stop the WebAccessServer (the Apache Tomcat server):
Windows: <RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\bin\catalina.bat stop
UNIX/Linux: <RDS/RDA install location>/WebAccessServer/apache-tomcat-x.0.xx/bin/catalina.sh stop
- Go to the webapps directory under the RDS/RDA install location, where the war file is deployed:
Windows: <RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\webapps\
UNIX/Linux: <RDS/RDA install location>/WebAccessServer/apache-tomcat-x.0.xx/webapps/
- Delete or back up the following:
- Replace it with the rds-help.war you downloaded.
- Start the WebAccessServer:
Windows: <RDS\RDA install location>\WebAccessServer\Start_RDAWebServer.bat
UNIX/Linux: <RDS/RDA install location>/WebAccessServer/Start_RDAWebServer.sh
Note: This help file contains content for RDS versions 5.2 (Tivoli) and later, and RDS 5.1.1 (Apache) and later.
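The UNIX/Linux steps above, collected into one script as an added example (this is not IBM's script and does not come with the product). It assumes the directory layout shown in the steps, discovers the apache-tomcat-x.0.xx directory with a glob, and assumes that the items to delete or back up are the deployed rds-help.war and the rds-help directory Tomcat unpacks from it; the function name replace_help_war, the timestamped backup directory, and the choice to invoke catalina.sh and Start_RDAWebServer.sh only when they are present are choices made for this example. The old files are moved to the backup directory rather than deleted so the change can be rolled back.

```shell
#!/bin/sh
# Added example for the mitigation steps in the advisory above; not IBM's own script.
# Assumed layout (from the advisory):
#   <install>/WebAccessServer/apache-tomcat-x.0.xx/webapps/rds-help.war
#   <install>/WebAccessServer/apache-tomcat-x.0.xx/bin/catalina.sh
#   <install>/WebAccessServer/Start_RDAWebServer.sh
#
# replace_help_war <RDS/RDA install location> <downloaded rds-help.war> [backup dir]
# Stops Tomcat, moves the old help war and its exploded directory into a backup
# directory, copies in the downloaded war, restarts the server, and prints the
# backup directory path. Returns non-zero if any step fails.
replace_help_war() {
    install="$1"
    new_war="$2"
    backup="${3:-$install/rds-help-backup-$(date +%Y%m%d%H%M%S)}"
    was="$install/WebAccessServer"

    # Sanity checks before touching anything.
    [ -f "$new_war" ] || { echo "downloaded war not found: $new_war" >&2; return 1; }
    tomcat=""
    for d in "$was"/apache-tomcat-*/; do          # assumed: exactly one Tomcat dir
        [ -d "$d" ] && { tomcat="${d%/}"; break; }
    done
    [ -n "$tomcat" ] && [ -d "$tomcat/webapps" ] || {
        echo "Tomcat webapps directory not found under $was" >&2; return 1; }
    webapps="$tomcat/webapps"

    # Step: stop the WebAccessServer (catalina.sh stop).
    if [ -x "$tomcat/bin/catalina.sh" ]; then
        "$tomcat/bin/catalina.sh" stop || return 1
    fi

    # Step: back up (move aside) the old war and the directory Tomcat unpacked
    # from it (assumed to be named rds-help, Tomcat's default for rds-help.war).
    mkdir -p "$backup" || return 1
    for item in rds-help.war rds-help; do
        if [ -e "$webapps/$item" ]; then
            mv "$webapps/$item" "$backup/" || return 1
        fi
    done

    # Step: deploy the downloaded war in its place.
    cp "$new_war" "$webapps/rds-help.war" || return 1

    # Step: start the WebAccessServer again.
    if [ -x "$was/Start_RDAWebServer.sh" ]; then
        "$was/Start_RDAWebServer.sh" || return 1
    fi

    echo "$backup"
}

# Usage: replace_help_war /opt/IBM/RDS /tmp/rds-help.war
```

Run it as the user that owns the Tomcat installation; afterwards, re-open Help -> Help in RDA to confirm the replaced help still loads, and keep the printed backup directory until that check passes.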