Security Bulletin: Multiple vulnerabilities in IBM Rational Policy Tester (CVE-2013-0532, CVE-2013-0512, CVE-2012-4431, CVE-2013-0513, CVE-2008-4033, CVE-2013-0474, CVE-2013-0473, CVE-2012-5081)

Flash (Alert)


Abstract

Previous releases of IBM Rational Policy Tester are affected by multiple vulnerabilities reported in third-party components bundled with the product as well as in proprietary IBM code. These vulnerabilities include cross-site scripting, SQL injection, code execution, stack overflow, cross-site request forgery and information disclosure vulnerabilities.

Content

VULNERABILITY DETAILS:

Cross-Site Request Forgery vulnerability in Policy Tester

CVE ID: CVE-2013-0532

DESCRIPTION:
A remote attacker could exploit this vulnerability by crafting a request that, when submitted from a logged-in user's browser, causes a denial of service against Policy Tester. Specific knowledge of Policy Tester is necessary to conduct the attack. The attack can be conducted over the internet. No authentication is required for the attack. Note that the CVSS vector below records a partial integrity impact (I:P) and no availability impact (A:N).

CVSS:

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82595 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N)



AFFECTED PLATFORMS:
Running on Microsoft Windows:
· Versions 5.6 through 8.5.0.3 of Rational Policy Tester

REMEDIATION:

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Vendor Fix(es):
For version 5.6 to 8.5.0.3 of Policy Tester
· Upgrade to version 8.5.0.4

If you are unable to upgrade, contact IBM Technical Support.

Workaround(s):
Not applicable; upgrade to version 8.5.0.4 for Policy Tester

Mitigation(s):
None



Stack overflow vulnerability in Firefox manual explore plug-in

CVE ID: CVE-2013-0512

DESCRIPTION:
An attacker could crash the Firefox manual explore browser plug-in used by Policy Tester with a specially crafted page. The impact is limited to the crash; the flaw does not allow the attacker to execute code. Specific knowledge of Policy Tester is necessary to conduct the attack. The attack can be conducted over the internet. No authentication is required for the attack.

CVSS:

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82593 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:N/I:N/A:P)



AFFECTED PLATFORMS:
Running on Microsoft Windows:
· Versions 8.0 through 8.5.0.3 of Rational Policy Tester

REMEDIATION:

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Vendor Fix(es):
For version 8.0 to 8.5.0.3 of Policy Tester
· Upgrade to version 8.5.0.4

If you are unable to upgrade to version 8.5.0.4, contact IBM Technical Support.


Workaround(s):
Not applicable; upgrade to version 8.5.0.4 for Policy Tester

Mitigation(s):
None



Tomcat 7.0.25 CSRF filter bypass vulnerability

CVE ID: CVE-2012-4431

DESCRIPTION:
Tomcat's CSRF prevention filter could be bypassed: a request that carried no session identifier was not checked for a nonce, so an attacker could reach protected resources without one. Specific knowledge of Tomcat is necessary to conduct the attack. The attack can be conducted over the internet. No authentication is required for this attack.
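The class of bypass described here, as an added example that is not Tomcat's or IBM's code: a minimal Python model of a session-nonce CSRF filter of the kind Tomcat's CsrfPreventionFilter implements, with the flawed check (skipped whenever the request carries no session, and therefore no nonce cache) beside the corrected one. The nonce parameter name follows Tomcat's; the entry-point list, the request and session objects and the URLs are constructed for the demonstration. The same per-session nonce check is the standard defence for the Policy Tester CSRF issue (CVE-2013-0532) listed above.

```python
"""Added example (not Tomcat's or IBM's code): a model of a session-nonce
CSRF filter showing the bypass class of CVE-2012-4431 beside the fix."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

NONCE_PARAM = "org.apache.catalina.filters.CSRF_NONCE"   # Tomcat's parameter name
ENTRY_POINTS = {"/login"}                                 # constructed: URLs allowed without a nonce


@dataclass
class Session:
    """Server-side session; nonces issued to this session are remembered here."""
    nonces: Set[str] = field(default_factory=set)

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        return nonce


@dataclass
class Request:
    """Constructed request object: path, query/form parameters, and the session
    resolved from the cookie (None when no session identifier was sent)."""
    path: str
    params: Dict[str, str] = field(default_factory=dict)
    session: Optional[Session] = None


def vulnerable_filter(req: Request) -> int:
    """Flawed logic: the nonce is only compared when a nonce cache exists.
    A request with no session has no cache, so it is waved through."""
    if req.path in ENTRY_POINTS:
        return 200
    cache = req.session.nonces if req.session else None
    nonce = req.params.get(NONCE_PARAM)
    if cache is not None and nonce not in cache:
        return 403
    return 200


def fixed_filter(req: Request) -> int:
    """Corrected logic: a missing cache, a missing nonce or an unknown nonce are
    all rejected; only a nonce issued to this very session is accepted."""
    if req.path in ENTRY_POINTS:
        return 200
    cache = req.session.nonces if req.session else None
    nonce = req.params.get(NONCE_PARAM)
    if cache is None or nonce is None or nonce not in cache:
        return 403
    return 200


def demo() -> Dict[str, Tuple[int, int]]:
    """Run three constructed requests through both filters.
    Returns {case: (vulnerable status, fixed status)}."""
    sess = Session()
    good = sess.issue_nonce()
    cases = {
        "legit, session + valid nonce": Request("/admin/delete", {NONCE_PARAM: good}, sess),
        "forged, session + no nonce":   Request("/admin/delete", {}, sess),
        "forged, no session at all":    Request("/admin/delete", {}, None),
    }
    return {name: (vulnerable_filter(r), fixed_filter(r)) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (vuln, fixed) in demo().items():
        print(f"{name:32s} vulnerable={vuln} fixed={fixed}")
```

The last case is the one the advisory describes: the vulnerable filter answers 200 to a request that carries neither a session nor a nonce, while the corrected filter rejects any request that cannot prove it was issued a nonce for its own session.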


CVSS:

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/80518 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N)



AFFECTED PLATFORMS:
Running on Microsoft Windows:
· Versions 8.5.0.1 to 8.5.0.3 of Rational Policy Tester
Running on Linux:
· Versions 8.5.0.1 to 8.5.0.3 of Rational Policy Tester

REMEDIATION:

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Vendor Fix(es):

For version 8.5.0.1 to 8.5.0.3 of Policy Tester
· Upgrade to version 8.5.0.4

If you are unable to upgrade to version 8.5.0.4, contact IBM Technical Support.

Workaround(s):
Contact IBM Technical Support for further information on workarounds for this issue.

Mitigation(s):
None



Cross-Site Scripting vulnerabilities in Policy Tester

CVE ID: CVE-2013-0473

DESCRIPTION:
A remote attacker could exploit this vulnerability by injecting malicious script into a report; the script executes in the browser of any user who views that report and could give the attacker temporary access to that user's session. Specific knowledge of Policy Tester is necessary to conduct the attack. The attack can be conducted over an adjacent network. No authentication is required for this attack.


CVSS:

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81337 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N)



AFFECTED PLATFORMS:
Running on Microsoft Windows:
· Versions 5.6 through 8.5.0.3 of Rational Policy Tester

REMEDIATION:

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Vendor Fix(es):
For version 5.6 to 8.5.0.3 of Policy Tester
· Upgrade to version 8.5.0.4

If you are unable to upgrade to version 8.5.0.4, contact IBM Technical Support.


Workaround(s):
Not applicable; upgrade to version 8.5.0.4 for Policy Tester


Mitigation(s):
None



Service is installed without a quoted service path

CVE ID: CVE-2013-0513

DESCRIPTION:
A service created during installation is registered with an unquoted service path, leaving it exposed to the Microsoft Windows unquoted service path enumeration issue: when the path contains spaces, Windows tries shorter candidate executables (for example C:\Program.exe) before the intended one. An attacker who can write to one of those directories could place a binary there and have it run with the service's privileges, gaining elevated privileges. No specialized knowledge is necessary to conduct this attack. The attacker will need local access to the Policy Tester machine in order to conduct the attack. Authentication is not a requirement.
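An added example, not IBM's installer or fix: a Python check for the weakness described above. hijack_candidates() reproduces how CreateProcess resolves an unquoted command line (split at each space, append .exe when the candidate's file name has no extension), quoted_image_path() and sc_config_command() produce the corrected registration, and scan_services() applies the check to every service in the registry when run on Windows. The service name, path and arguments in the demo are constructed, and the sc.exe command is only printed, never executed.

```python
"""Added example (not IBM's code): detect and correct unquoted service paths.
The demo service name, path and arguments are constructed."""
import os
import sys
from typing import List, Tuple


def hijack_candidates(image_path: str) -> List[str]:
    """Paths Windows would try before the intended executable.

    For an unquoted command line, CreateProcess splits at each space and, when
    the candidate's file name has no extension, appends '.exe'. An empty list
    means the ImagePath is not affected (quoted, or no space before the .exe)."""
    path = image_path.strip()
    if not path or path.startswith('"'):
        return []                                   # quoted: unambiguous
    tokens = path.split(" ")
    # the first token ending in .exe closes the real executable name
    exe_end = next((i for i, t in enumerate(tokens) if t.lower().endswith(".exe")), None)
    if exe_end is None:
        return []                                   # drivers (.sys) etc.: not in scope
    candidates = []
    for i in range(exe_end):                        # every prefix shorter than the real .exe
        prefix = " ".join(tokens[: i + 1])
        if "." not in prefix.rsplit("\\", 1)[-1]:   # no extension -> Windows appends .exe
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def quoted_image_path(image_path: str) -> str:
    """The corrected ImagePath: executable in double quotes, arguments unchanged."""
    tokens = image_path.strip().split(" ")
    exe_end = next(i for i, t in enumerate(tokens) if t.lower().endswith(".exe"))
    exe = " ".join(tokens[: exe_end + 1])
    args = " ".join(tokens[exe_end + 1:])
    return f'"{exe}" {args}'.rstrip()


def sc_config_command(service: str, image_path: str) -> str:
    """sc.exe invocation that rewrites the ImagePath with the executable quoted.
    sc.exe requires the space after 'binPath=' and the inner quotes escaped."""
    inner = quoted_image_path(image_path).replace('"', '\\"')
    return f'sc config "{service}" binPath= "{inner}"'


def scan_services() -> List[Tuple[str, str, List[str]]]:
    """On Windows: (service, ImagePath, candidates) for every affected service.
    Returns an empty list on other platforms."""
    if sys.platform != "win32":
        return []
    import winreg
    findings = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services") as root:
        for idx in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, idx)
            try:
                with winreg.OpenKey(root, name) as key:
                    raw, _ = winreg.QueryValueEx(key, "ImagePath")
            except OSError:
                continue                            # key without an ImagePath value
            cands = hijack_candidates(os.path.expandvars(str(raw)))
            if cands:
                findings.append((name, str(raw), cands))
    return findings


if __name__ == "__main__":
    demo = r"C:\Program Files\IBM\Rational\Policy Tester\PTService.exe -k svc"   # constructed
    print("tried before the real executable:", hijack_candidates(demo))
    print("fix:", sc_config_command("PTService", demo))
    for name, raw, cands in scan_services():
        print(f"{name}: {raw} -> {cands}")
```

A finding is only exploitable when a non-administrative user can write to one of the candidate directories (check each with icacls), and a hijacked binary runs with the service account's rights, which is why the mitigation below of running the service under a limited account reduces the impact even before the path is quoted.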

CVSS:

CVSS Base Score: 7.2
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82594 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:L/AC:L/Au:N/C:C/I:C/A:C)



AFFECTED PLATFORMS:
Running on Microsoft Windows:
· Versions 5.6 through 8.5.0.3 of Rational Policy Tester

REMEDIATION:

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Vendor Fix(es):
For version 5.6 to 8.5.0.3 of Policy Tester
· Upgrade to version 8.5.0.4

If you are unable to upgrade to version 8.5.0.4, contact IBM Technical Support.

Workaround(s):
Contact IBM Technical Support for further information on workarounds for this issue.

Mitigation(s):
IBM Policy Tester users are instructed to use a limited user account as the service account.



Cross-domain vulnerability in Microsoft XML Core Services dll


CVE ID: CVE-2008-4033

DESCRIPTION:
The Microsoft XML Core Services DLL installed with Policy Tester allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields. No specialized knowledge of Policy Tester is necessary to conduct this attack. The attack can be conducted over the internet. No authentication is required for this attack.


CVSS:

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/45555 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:P/I:N/A:N)



AFFECTED PLATFORMS:
Running on Microsoft Windows:
· Versions 5.6 through 8.5.0.3 of Rational Policy Tester

REMEDIATION:

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Vendor Fix(es):
For version 5.6 to 8.5.0.3 of Policy Tester
· Upgrade to version 8.5.0.4

If you are unable to upgrade to version 8.5.0.4, contact IBM Technical Support.


Workaround(s):
Not applicable; upgrade to version 8.5.0.4 for Policy Tester


Mitigation(s):
None



AppScan Manual Explore browser sends Platform Authentication credentials to unauthenticated server

CVE ID: CVE-2013-0474

DESCRIPTION:
An attacker could specially craft a page to capture platform credentials upon visiting the page with the manual explore browser plug-in. This could lead to takeover of the test account being used for scanning. Specific knowledge of Policy Tester along with the ability to modify the site being tested is necessary to conduct the attack. The attack can be conducted over the internet. No authentication is required for this attack.

CVSS:

CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/81338 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:M/Au:N/C:N/I:P/A:N)



AFFECTED PLATFORMS:
Running on Microsoft Windows:
· Versions 5.6 through 8.5.0.3 of Rational Policy Tester

REMEDIATION:

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Vendor Fix(es):
For version 5.6 to 8.5.0.3 of Policy Tester
· Upgrade to version 8.5.0.4

If you are unable to upgrade to version 8.5.0.4, contact IBM Technical Support.


Workaround(s):
Not applicable; upgrade to version 8.5.0.4 for Policy Tester

Mitigation(s):
None



SQL Injection vulnerability in AppScan Enterprise

CVE ID: CVE-2013-0511

DESCRIPTION:
A blind SQL injection attack on certain parameters can be used to access the information stored in the AppScan Enterprise database. Specific knowledge of Policy Tester is necessary to conduct the attack. The attacker can conduct the attack over an adjacent network. A single authenticated login to the Policy Tester console is required for this attack.


CVSS:

CVSS Base Score: 6.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/82344 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:S/C:P/I:P/A:P)



AFFECTED PLATFORMS:
Running on Microsoft Windows:
· Versions 5.6 through 8.5.0.3 of Rational Policy Tester

REMEDIATION:

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Vendor Fix(es):
For version 5.6 to 8.5.0.3 of Policy Tester
· Upgrade to version 8.5.0.4

If you are unable to upgrade to version 8.5.0.4, contact IBM Technical Support.


Workaround(s):
Not applicable; upgrade to version 8.5.0.4 for Policy Tester


Mitigation(s):
None



TLS issue in the bundled JDK disclosed in the Summary Advisory for the Oracle October 2012 CPU

CVE ID: CVE-2012-5081

DESCRIPTION:
A vulnerability in the JDK's TLS implementation can affect the availability of the Jazz server bundled with Policy Tester, preventing users from logging in. The flaw does not affect Policy Tester installations that use Windows authentication. The attack can be conducted over the internet. No authentication is required for this attack. No specialized knowledge of Policy Tester is necessary to conduct this attack.

CVSS:

CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79435 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)



AFFECTED PLATFORMS:
Running on Microsoft Windows:
· Versions 8.5 through 8.5.0.3 of Rational Policy Tester

REMEDIATION:

The recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available.

Vendor Fix(es):
For version 8.5 to 8.5.0.3 of Policy Tester
· Upgrade to version 8.5.0.4

If you are unable to upgrade to version 8.5.0.4, contact IBM Technical Support.

Workaround(s):
Not applicable; upgrade to version 8.5.0.4 for Policy Tester

Mitigation(s):
None





REFERENCES:

Complete CVSS Guide
On-line Calculator V2
CVE-2012-4431
CVE-2008-4033
CVE-2013-0474
CVE-2013-0473
CVE-2012-5081
CVE-2013-0532
CVE-2013-0511
CVE-2013-0512
CVE-2013-0513
http://xforce.iss.net/xforce/xfdb/82595
http://xforce.iss.net/xforce/xfdb/82593
http://xforce.iss.net/xforce/xfdb/80518
http://xforce.iss.net/xforce/xfdb/81337
http://xforce.iss.net/xforce/xfdb/82594
http://xforce.iss.net/xforce/xfdb/45557
http://xforce.iss.net/xforce/xfdb/81338
http://xforce.iss.net/xforce/xfdb/82344
http://xforce.iss.net/xforce/xfdb/79435

RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this alert.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.



Document information


More support for:

Rational Policy Tester
General Support Issues

Software version:

5.6, 8.0, 8.5

Operating system(s):

Windows

Reference #:

1631304

Modified date:

2013-03-25
