CVE-2017-1381

Vulnerability

IBM WebSphere Application Server Proxy Server or On-Demand-Router (ODR) versions 7.0, 8.0, 8.5, and 9.0 are affected. For V9.0, the issue only occurs when the custom property cache.query.string is set to false. The vulnerability arises when the system clock is changed, causing stale data to be cached and subsequently served to users [1].

Exploitation

A local attacker must be able to change the system clock (requiring local access or sufficient privileges). Once the clock is altered, the proxy or ODR may serve stale cached data, potentially exposing sensitive information. The attack complexity is high, and no user interaction is required [1].

Impact

Successful exploitation leads to information disclosure of sensitive data that was previously cached. The confidentiality impact is low; there is no integrity or availability impact [1].

Mitigation

IBM recommends applying the interim fix containing APAR PI82630 or upgrading to the appropriate fix pack: for V9.0, upgrade to Fix Pack 9.0.0.5 or later; for V8.5, upgrade to 8.5.5.13 or later; for V8.0 and V7.0, apply the corresponding fix pack containing PI82630. As a workaround, avoid changing the system clock [1].