ID CVE-2007-3262 Type cve Reporter cve@mitre.org Modified 2017-07-29T01:32:00
Description
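Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak. Note: the affected range stated here ("6.1.0.7 and earlier") differs from the scanner plugin quoted below, which reports 6.1.0.7 (Fix Pack 7) as the fixed version and flags only 6.1.0.x releases before it; confirm the fixed level against the vendor advisory. The CVSS 10.0 score in that record is assigned to the plugin as a whole, which lists four CVEs, so it should not be read as the severity of this denial-of-service issue alone.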
{"nessus": [{"lastseen": "2019-12-13T09:58:00", "bulletinFamily": "scanner", "description": "IBM WebSphere Application Server 6.1 before Fix Pack 7 appears to be\nrunning on the remote host. As such, it is reportedly affected by the\nfollowing vulnerabilities :\n\n - An unspecified denial of service vulnerability in the\n Java Message Service (JMS).\n\n - An unspecified vulnerability in the Servlet Engine/\n Web Container. (PK36447)\n\n - An unspecified vulnerability in the Default Messaging\n component could lead to a denial of service. \n\n - An unspecified vulnerability in the Default Messaging\n component which has unknown impact and attack vectors.", "modified": "2019-12-02T00:00:00", "id": "WEBSPHERE_6_1_0_7.NASL", "href": "https://www.tenable.com/plugins/nessus/45420", "published": "2010-04-05T00:00:00", "title": "IBM WebSphere Application Server 6.1 < 6.1.0.7 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45420);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2007-1944\", \"CVE-2007-1945\", \"CVE-2007-3262\", \"CVE-2007-3263\");\n script_bugtraq_id(23459);\n script_xref(name:\"Secunia\", value:\"24852\");\n script_xref(name:\"Secunia\", value:\"25704\");\n\n script_name(english:\"IBM WebSphere Application Server 6.1 < 6.1.0.7 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 6.1 before Fix Pack 7 appears to be\nrunning on the remote host. 
As such, it is reportedly affected by the\nfollowing vulnerabilities :\n\n - An unspecified denial of service vulnerability in the\n Java Message Service (JMS).\n\n - An unspecified vulnerability in the Servlet Engine/\n Web Container. (PK36447)\n\n - An unspecified vulnerability in the Default Messaging\n component could lead to a denial of service. \n\n - An unspecified vulnerability in the Default Messaging\n component which has unknown impact and attack vectors.\");\n\n script_set_attribute(attribute:\"see_also\", value:\"http://www-1.ibm.com/support/docview.wss?uid=swg27007951#6107\");\n script_set_attribute(attribute:\"solution\", value:\"Apply Fix Pack 7 (6.1.0.7) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880);\n\n\nversion = 
get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 7)\n{\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report = \n '\\n Source : ' + source + \n '\\n Installed version : ' + version +\n '\\n Fixed version : 6.1.0.7' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}