====================================================================
CERT-Renater Information Note No. 2012/VULN435
____________________________________________________________________
DATE                 : 29/10/2012
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running ITM Tivoli Enterprise Portal Server versions 6.
======================================================================
http://www-01.ibm.com/support/docview.wss?uid=swg21614003
______________________________________________________________________

WebServer HTTP TRACE or TRACK Methods Information Disclosure Vulnerability

Technote (FAQ)

Question
How to resolve the vulnerability on the ITM web server?

Cause
There are two security exposures:
- in the internal HTTP server
- in the external IHS web server
The first one has been identified as an ITM product defect. The second one has been identified as a vulnerability to fix, and the ITM team is working with the IHS provider to find a permanent solution.

Answer
The internal HTTP server exposure is addressed by APAR IV23864, which will be included in ITM 6.2.3 FP3.
The external IHS vulnerability is being addressed together with the IHS provider; so far a workaround is available, which consists of modifying the httpd.conf file.

Work-around steps:

1) Locate the httpd.conf file.
   On Windows: %candle_home%\IHS\conf\httpd.conf
               (e.g. C:\IBM\ITM\IHS\conf\httpd.conf)
   On Unix:    $CANDLEHOME//iu/ihs/conf/httpd.conf
               (e.g. /opt/IBM/ITM/*/iu/ihs/conf/httpd.conf)
2) Make a backup of httpd.conf to httpd.conf.save
3) Modify httpd.conf
   a) Locate the line that starts with the word "ServerRoot"
   b) Insert the following lines after the located line:
        # disable TRACE in the main scope of httpd.conf
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} ^TRACE
        RewriteRule .* - [F]
        RewriteCond %{REQUEST_METHOD} ^TRACK
        RewriteRule .* - [F]
        TraceEnable off
   c) Locate the following line:
        #LoadModule rewrite_module modules/mod_rewrite.so
   d) Uncomment the line so that it looks like:
        LoadModule rewrite_module modules/mod_rewrite.so
   e) Locate the virtual host section.
   f) Within the section, locate the line that starts "TransferLog"
   g) Insert the following lines after the located line:
        # disable TRACE and TRACK in the virtual host
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} ^TRACE
        RewriteRule .* - [F]
        RewriteCond %{REQUEST_METHOD} ^TRACK
        RewriteRule .* - [F]
   h) Save httpd.conf
4) Restart the HTTP server. You can do this by recycling the Tivoli Enterprise Portal Server.
5) Run the security scan and verify that the vulnerabilities are fixed.

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

======================================================================
=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER           | tel : 01-53-94-20-44     +
+ 23 - 25 Rue Daviel     | fax : 01-53-94-20-41     +
+ 75013 Paris            | email: certsvp@renater.fr +
=========================================================
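The workaround above has two parts that are easy to get half right: the mod_rewrite rules only take effect if the LoadModule line is actually uncommented and RewriteEngine is On in the same scope, and TraceEnable off lives in the main scope. The following Python script is an added example (not part of the CERT-Renater note or the IBM technote) that audits an httpd.conf text for every element of steps 3a to 3h and, for step 5, sends a single TRACE request to see whether the server still echoes it. The two embedded configuration samples are constructed; the ServerRoot path, the "arch" directory and port 8080 are placeholders, not ITM values.

```python
"""Audit an IHS/Apache httpd.conf for the TRACE/TRACK workaround and probe a live server.

Added example; the sample configurations below are constructed, not real ITM files.
"""
import http.client
import re

# Constructed: a default-looking httpd.conf before the workaround.
WEAK_CONF = """\
ServerRoot "/opt/IBM/ITM/arch/iu/ihs"
#LoadModule rewrite_module modules/mod_rewrite.so
Listen 8080
<VirtualHost *:8080>
    TransferLog logs/access_log
</VirtualHost>
"""

# Constructed: the same file after steps 3a-3h of the technote.
HARDENED_CONF = """\
ServerRoot "/opt/IBM/ITM/arch/iu/ihs"
# disable TRACE in the main scope of httpd.conf
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [F]
TraceEnable off
LoadModule rewrite_module modules/mod_rewrite.so
Listen 8080
<VirtualHost *:8080>
    TransferLog logs/access_log
    # disable TRACE and TRACK in the virtual host
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^TRACE
    RewriteRule .* - [F]
    RewriteCond %{REQUEST_METHOD} ^TRACK
    RewriteRule .* - [F]
</VirtualHost>
"""


def _parse(text):
    """Split httpd.conf into {'main': [...], 'vhost': [...]} lists of (directive, args).

    Comment lines are dropped, so a commented-out '#LoadModule' counts as not loaded.
    All <VirtualHost> blocks are folded into one 'vhost' list, which suffices here.
    """
    scopes = {"main": [], "vhost": []}
    scope = "main"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            scope = "vhost"
            continue
        if re.match(r"</VirtualHost>", line, re.I):
            scope = "main"
            continue
        parts = line.split(None, 1)
        scopes[scope].append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return scopes


def _rewrite_blocks(directives, method):
    """True if the scope has RewriteEngine On and a RewriteCond on REQUEST_METHOD ^<method>
    followed directly by a RewriteRule carrying the [F] (forbidden) flag."""
    engine_on = any(n.lower() == "rewriteengine" and a.lower() == "on" for n, a in directives)
    if not engine_on:
        return False
    pattern = re.compile(r"%\{REQUEST_METHOD\}\s+\^" + method + r"\b")
    for i, (name, args) in enumerate(directives[:-1]):
        if name.lower() == "rewritecond" and pattern.search(args):
            nxt_name, nxt_args = directives[i + 1]
            if nxt_name.lower() == "rewriterule" and "[F]" in nxt_args:
                return True
    return False


def audit_httpd_conf(text):
    """Return {'hardened': bool, 'findings': [...]} for the technote's workaround."""
    scopes = _parse(text)
    everything = scopes["main"] + scopes["vhost"]
    findings = []
    if not any(n.lower() == "loadmodule" and "rewrite_module" in a for n, a in everything):
        findings.append("mod_rewrite not loaded")            # step 3d
    if not any(n.lower() == "traceenable" and a.lower() == "off" for n, a in scopes["main"]):
        findings.append("TraceEnable off missing")           # step 3b
    for scope in ("main", "vhost"):                          # steps 3b and 3g
        for method in ("TRACE", "TRACK"):
            if not _rewrite_blocks(scopes[scope], method):
                findings.append(f"{method} not blocked by mod_rewrite in {scope} scope")
    return {"hardened": not findings, "findings": findings}


def trace_probe(host, port, timeout=5):
    """Step 5: send one TRACE and report whether the server refused it.

    A 200 response that echoes our marker header back means TRACE is still enabled;
    with the workaround in place mod_rewrite answers 403 instead.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"X-Probe": "trace-check"})
        resp = conn.getresponse()
        body = resp.read(4096)
        echoed = resp.status == 200 and b"X-Probe" in body
        return {"status": resp.status, "echoed": echoed, "blocked": not echoed}
    finally:
        conn.close()


if __name__ == "__main__":
    for label, conf in (("before", WEAK_CONF), ("after", HARDENED_CONF)):
        print(label, audit_httpd_conf(conf))
```

Run the audit against a copy of the real httpd.conf before recycling the portal server, then use trace_probe against the TEPS host and port once it is back up; an audit with no findings but a probe that still echoes the marker header usually means the edited file is not the one the running server loaded.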