Flash (Alert)
Abstract
Security vulnerabilities have been discovered in the IBM Rational Directory Server (RDS) Help system shipped with the RDS product. When the Help file is opened in Rational Directory Administrator, the 'href' parameter of advanced/deferredView.jsp gives rise to the following security vulnerabilities: Open Redirect and Cross-Site Scripting.
Content
Below are the security vulnerabilities found in the RDS help (menu 'Help' -> 'Help' item in the RDA window):
- Open Redirect:
http://localhost:8080/rds-help/advanced/deferredView.jsp?href=http://www.google.com?view=toc
If the product has the vulnerability, the browser is redirected to the Google home page.
- Cross Site Scripting:
http://localhost:8080/rds-help/advanced/deferredView.jsp?href=javascript:alert%28document.cookie%29
If the product has the vulnerability, an alert/dialog box pops up displaying some text (the document's cookie string).
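As an added example (not code from this advisory or from IBM), the following standalone Python models the flaw described above, where the help viewer honours whatever 'href' the client supplies, next to the allow-list check a hardened viewer would apply, and runs that check over a few constructed access-log lines so that requests carrying an external URL or a javascript: value are flagged. The help context path /rds-help/ is taken from the URLs above; the log line format and the function names are assumptions of this example.

```python
"""Added illustration: validating the deferredView.jsp 'href' parameter.

Standalone Python, not RDS code. It models the flaw in the advisory (the
help viewer honouring any 'href' value) and shows the allow-list check a
hardened viewer would apply, plus a small log scan that flags the two
payload shapes the advisory describes.
"""
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit
import posixpath

HELP_ROOT = "/rds-help/"   # context path of the help webapp, taken from the advisory's URLs


def unsafe_target(href: str) -> str:
    """Vulnerable behaviour: the client-supplied value is used as the view target unchanged."""
    return href


def safe_target(href: str) -> Optional[str]:
    """Return a path inside the help webapp, or None if 'href' must be rejected.

    Only relative help topics are accepted: no scheme (blocks http:, javascript:,
    data:), no network-path '//host', no backslash tricks, no control characters,
    and no traversal out of HELP_ROOT after normalisation.
    """
    if not href:
        return None
    candidate = unquote(href)            # decode once so 'javascript%3A...' is not missed
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:     # absolute URL or pseudo-scheme
        return None
    path = parts.path
    if path.startswith("//") or path.startswith("\\"):
        return None
    if any(c in path for c in "\r\n\x00"):
        return None
    # Normalise '..' segments and keep the result inside the help root
    normalised = posixpath.normpath(posixpath.join(HELP_ROOT, path.lstrip("/")))
    root = HELP_ROOT.rstrip("/")
    if normalised != root and not normalised.startswith(root + "/"):
        return None
    if parts.query:
        normalised += "?" + parts.query
    return normalised


# Constructed sample access-log lines (common log format); not from a real RDS server
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2012:10:00:01 +0000] "GET /rds-help/advanced/deferredView.jsp?href=topics/intro.html HTTP/1.1" 200 512
10.0.0.9 - - [01/Jun/2012:10:00:07 +0000] "GET /rds-help/advanced/deferredView.jsp?href=http://www.google.com?view=toc HTTP/1.1" 302 0
10.0.0.9 - - [01/Jun/2012:10:00:12 +0000] "GET /rds-help/advanced/deferredView.jsp?href=javascript:alert%28document.cookie%29 HTTP/1.1" 200 480
"""


def suspicious_href_requests(log_text: str) -> List[Tuple[str, str]]:
    """Return (client, decoded href) pairs whose href the safe check would reject."""
    hits = []
    for line in log_text.splitlines():
        if "deferredView.jsp?" not in line:
            continue
        client = line.split(" ", 1)[0]
        request = line.split('"')[1]          # e.g. 'GET /path?query HTTP/1.1'
        url = request.split(" ")[1]
        query = urlsplit(url).query
        for href in parse_qs(query, keep_blank_values=True).get("href", []):
            if safe_target(href) is None:
                hits.append((client, href))
    return hits


if __name__ == "__main__":
    for value in ("topics/intro.html", "http://www.google.com?view=toc",
                  "javascript:alert%28document.cookie%29", "../../etc/passwd"):
        print(f"{value!r:45} unsafe -> {unsafe_target(value)!r:45} safe -> {safe_target(value)!r}")
    for client, href in suspicious_href_requests(SAMPLE_LOG):
        print(f"flagged: {client} href={href!r}")
```

The check is deliberately an allow-list: rather than trying to enumerate dangerous schemes, it accepts only a relative topic path that still resolves under the help root after normalisation, which closes both the redirect and the javascript: vector at once. The log scan reuses the same function so that detection and the fix cannot drift apart.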
Resolution:
This vulnerability affects all versions of RDA (Tivoli) and RDA (Apache). The complete fix for this issue will be delivered through different release cycles:
- RDA Tivoli: RDS 5.2.0.2 iFix02 is scheduled to be released on 21st June 2012
- RDA Apache: a fix pack release, RDS 5.1.1.2, is planned for the end of August 2012
WORKAROUND:
In the meantime, the risk can be mitigated by following the steps below.
- Download the rds-help.zip file and extract rds-help.war from it
- Stop the WebAccessServer (the Apache Tomcat server):
Windows:
<RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\bin\catalina.bat stop
Unix:
<RDS/RDA install location>/WebAccessServer/apache-tomcat-x.0.xx/bin/catalina.sh stop
- Go to the directory where the war file is located in the RDS/RDA install location:
Windows:
<RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\webapps\
Unix:
<RDS/RDA install location>/WebAccessServer/apache-tomcat-x.0.xx/webapps/
- Delete (or back up) the following:
file: rds-help.war
directory: rds-help
- Copy the downloaded rds-help.war into this webapps directory.
- Start the WebAccessServer:
Windows:
<RDS\RDA install location>\WebAccessServer\Start_RDAWebServer.bat
Unix:
<RDS/RDA install location>/WebAccessServer/Start_RDAWebServer.sh
Note: This help file contains content for RDS 5.2 (Tivoli) and later, and RDS 5.1.1 (Apache) and later.