Security Bulletin
Summary
A parameter path to the Rational Directory Server help documentation causes an error message response from the server with HTTP ERROR 500 debug information displayed in the browser.
Vulnerability Details
Subscribe to My Notifications to be notified of important product support alerts like this.
|
CVE ID: CVE-2013-0599
Description: A parameter path to the Rational Directory Server help documentation causes an error message response from the server with HTTP ERROR 500 debug information displayed in the browser.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83613
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/AU:N/C:P/I:N/A:N)
Affected Products and Versions
RDA versions 5.2.1 (and earlier) and 5.1.1.2 (and earlier) are affected due to this vulnerability.
Remediation/Fixes
Upgrade to one of the following releases:
Workarounds and Mitigations
WORKAROUND:
Download and extract the rds-help.war file: http://download.boulder.ibm.com/ibmdl/pub/software/rationalsdp/documentation/war/rds-help.war_1.0.0.I20130508_1017.zip
RDA with Apache Tomcat Server. 5.2.0.2 (or earlier) and 5.1.1.1 (or earlier):
- Stop the WebAccessServer.
Windows:
<RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\bin\catalina.bat stop
UNIX / Linux:
<RDS/RDA install location>/WebAccessServer/apache-tomcat-x.0.xx/bin\catalina.sh stop
- Navigate to the war file located in the RDS/RDA install location.
Windows:
<RDS\RDA install location>\WebAccessServer\apache-tomcat-x.0.xx\webapps
UNIX / Linux:
<RDS/RDA install location>/WebAccessServer/apache-tomcat-x.0.xx/webapps
- Delete/backup the following:
- file: rds-help.war
- directory: rds-help
- Replace with the rds-help.war download.
- Start the WebAccessServer
Windows:
<RDS\RDA install location>\WebAccessServer\Start_RDAWebServer.bat
UNIX / Linux:
<RDS/RDA install location>/WebAccessServer/Start_RDAWebServer.sh
RDA with WebSphere Application Server. 5.2.1 (or later) and 5.1.1.2 (or later):
- Stop the WebAppsServer
Windows:
<RDS\RDA install location>\WebAppsServer\RDAWebAppServer.bat stop
UNIX / Linux:
<RDS/RDA install location>/WebAppsServer/RDAWebAppServer.sh stop
- Navigate to the war file located in the RDS/RDA install location.
Windows:
<RDS\RDA install location>\WebAppsServer\WLP_8.5.x.0\usr\servers\defaultServer\(apps Or dropins)
UNIX / Linux:
<RDS/RDA install location>/WLP_8.5.x.0/usr/servers/defaultServer/(apps Or dropins)
- Delete/backup the following:
- file: rds-help.war
- Replace with the rds-help.war download.
- Start the WebAppsServer
Windows:
<RDS\RDA install location>\WebAppsServer\RDAWebAppServer.bat start
UNIX / Linux:
<RDS/RDA install location>/WebAppsServer/RDAWebAppServer.sh start
The latest rds-help.war file is now installed which does not have the security vulnerabilities.
Get Notified about Future Security Bulletins
References
Acknowledgement
None
Change History
* 16 May 2013: Original copy published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21637151