A malicious person can modify the client's hostname via DNS spoofing, causing the browser to send requests to a different host. The attacker can then send requests to an internal server with malicious code. IBM X-Force ID: 220903.

Ajax Proxy is enabled by default on the following IBM WebSphere application servers: IBM WebSphere Application Server 7.0, 8.0, and 8.5. This issue affects all versions of Ajax Proxy.

To determine if Ajax Proxy is enabled on your system, use the following instructions:

- From the application server control panel, select the server, then click the Advanced tab, and select the option to view the source code.
- In the application server source code, locate the section that sets the value of the XML environment variable. For example: <env:EnviromentVariable name="WAS_X_FORCE_ENABLED" value="true">
- Save and close the application server source code.

In order for Ajax Proxy to work properly, the application server must communicate with the proxy using the HTTPS protocol.
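The manual check above can be scripted so that every server configuration in a fleet is inspected the same way. The following is an added example, not code from IBM or from the advisory: it parses an XML configuration fragment and reports whether the environment variable named in the advisory (WAS_X_FORCE_ENABLED) is set to "true". The element and attribute names follow the snippet quoted above; the sample configuration and the namespace URI bound to the "env:" prefix are constructed placeholders, and the matching is done on the element's local name so it does not depend on that URI.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration (not a real WebSphere file). The element and
# attribute names follow the snippet quoted in the advisory; the namespace URI
# bound to "env:" is a placeholder so the fragment is well-formed XML.
SAMPLE_CONFIG = """<server xmlns:env="urn:example:placeholder-env-namespace">
  <env:EnviromentVariable name="WAS_X_FORCE_ENABLED" value="true"/>
  <env:EnviromentVariable name="SOME_OTHER_SETTING" value="false"/>
</server>
"""

# Name of the environment variable quoted in the advisory.
FLAG_NAME = "WAS_X_FORCE_ENABLED"


def _local_name(tag):
    """Return the element name without its '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]


def environment_variables(xml_text):
    """Collect every EnviromentVariable element as a name -> value mapping.

    Matching uses the local element name, so the result is the same whatever
    namespace URI the 'env:' prefix happens to be bound to.
    """
    root = ET.fromstring(xml_text)
    found = {}
    for elem in root.iter():
        if _local_name(elem.tag) == "EnviromentVariable":
            name = elem.get("name")
            if name is not None:
                found[name] = elem.get("value", "")
    return found


def ajax_proxy_enabled(xml_text):
    """True when the flag from the advisory is present and set to "true".

    A missing element or any value other than "true" (case-insensitive,
    surrounding whitespace ignored) is reported as not enabled.
    """
    value = environment_variables(xml_text).get(FLAG_NAME, "")
    return value.strip().lower() == "true"


if __name__ == "__main__":
    # Run against the constructed sample; point this at a saved copy of the
    # server source instead to check a real system.
    state = "enabled" if ajax_proxy_enabled(SAMPLE_CONFIG) else "not enabled"
    print(f"{FLAG_NAME}: Ajax Proxy is {state}")
```

The function returns a plain boolean so the result can be fed into an inventory or compliance report; the value comparison is deliberately strict, so a misspelled or empty value is treated as "not enabled" rather than silently accepted.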

How did you get your system?

If you are using a self-hosted IBM WebSphere application server, and the application server's XML environment variable was set to "true" in the source code, then Ajax Proxy is enabled by default.
NOTE: If you are using an IBM Flex System V7000 M4 or later, and the XML environment variable was set to "true" in the source code, then Ajax Proxy is enabled by default.

Fixed Software

IBM has released new software that resolves this issue. You can obtain this software by contacting IBM Technical Support.

Reference:

- IBM X-Force ID: 220903

Timeline

Published on: 05/20/2022 17:15:00 UTC
Last modified on: 06/02/2022 14:04:00 UTC

References