ID CVE-2008-7274 Type cve Reporter cve@mitre.org Modified 2011-02-15T05:00:00
Description
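IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. In effect this is an authentication bypass. The scanner checks recorded below are version-based only (OpenVAS matches exactly 6.1.0.9; Nessus matches 6.1.0.x below 6.1.0.15) and do not test whether JAAS Login is enabled; their solution text gives 6.1.0.15 (Fix Pack 15, APAR PK54565) or later as the fix level, although the OpenVAS report string names 6.1.0.10 as the fixed version.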
{"openvas": [{"lastseen": "2017-09-04T14:19:55", "bulletinFamily": "scanner", "description": "The host is running IBM WebSphere Application Server and is prone to security\n bypass vulnerability.", "modified": "2017-09-01T00:00:00", "published": "2011-02-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=902292", "id": "OPENVAS:902292", "title": "IBM WebSphere Application Server (WAS) Security Bypass Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ibm_was_sec_bypass_vuln.nasl 7044 2017-09-01 11:50:59Z teissa $\n#\n# IBM WebSphere Application Server (WAS) Security Bypass Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow an attacker to bypass the authentication\n process to and gain unauthorized access to the system with the privileges of\n the victim.\n Impact Level: Application\";\ntag_affected = \"IBM WAS Version 6.1.0.9\";\ntag_insight = \"The flaw is due to an error in invoking an internal login module, wlogin\n method, which is not properly handling an application hashtable login. This\n allows attackers to perform an internal application hashtable login by\n providing an empty password.\";\ntag_solution = \"Upgrade to IBM WAS version 6.1.0.15 or later,\n For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565\";\ntag_summary = \"The host is running IBM WebSphere Application Server and is prone to security\n bypass vulnerability.\";\n\nif(description)\n{\n script_id(902292);\n script_version(\"$Revision: 7044 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-01 13:50:59 +0200 (Fri, 01 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-23 12:24:37 +0100 (Wed, 23 Feb 2011)\");\n script_cve_id(\"CVE-2008-7274\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"IBM WebSphere Application Server (WAS) Security Bypass Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_family(\"Web Servers\");\n 
script_dependencies(\"gb_ibm_websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nCPE = 'cpe:/a:ibm:websphere_application_server';\n\nif( ! vers = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );\n\nif(version_is_equal(version: vers, test_version:\"6.1.0.9\")){\n report = report_fixed_ver( installed_version:vers, fixed_version:'6.1.0.10' );\n security_message(port:0, data:report);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:34", "bulletinFamily": "scanner", "description": "The host is running IBM WebSphere Application Server and is prone to security\n bypass vulnerability.", "modified": "2019-02-21T00:00:00", "published": "2011-02-23T00:00:00", "id": "OPENVAS:1361412562310902292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902292", "title": "IBM WebSphere Application Server (WAS) Security Bypass Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ibm_was_sec_bypass_vuln.nasl 13803 2019-02-21 08:24:24Z cfischer $\n#\n# IBM WebSphere Application Server (WAS) Security Bypass Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program 
is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902292\");\n script_version(\"$Revision: 13803 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-21 09:24:24 +0100 (Thu, 21 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-02-23 12:24:37 +0100 (Wed, 23 Feb 2011)\");\n script_cve_id(\"CVE-2008-7274\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"IBM WebSphere Application Server (WAS) Security Bypass Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 SecPod\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_ibm_websphere_detect.nasl\");\n script_mandatory_keys(\"ibm_websphere_application_server/installed\");\n\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to bypass the authentication\n process to and gain unauthorized access to the system with the privileges of the victim.\");\n\n script_tag(name:\"affected\", value:\"IBM WAS Version 6.1.0.9\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error in invoking an internal login module, wlogin\n method, which is not properly handling an application 
hashtable login. This allows attackers to perform an\n internal application hashtable login by providing an empty password.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to IBM WAS version 6.1.0.15 or later.\");\n\n script_tag(name:\"summary\", value:\"The host is running IBM WebSphere Application Server and is prone to security\n bypass vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nCPE = \"cpe:/a:ibm:websphere_application_server\";\n\nif(!vers = get_app_version(cpe:CPE, nofork:TRUE))\n exit(0);\n\nif(version_is_equal(version:vers, test_version:\"6.1.0.9\")){\n report = report_fixed_ver(installed_version:vers, fixed_version:\"6.1.0.10\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2019-11-03T12:38:40", "bulletinFamily": "scanner", "description": "IBM WebSphere Application Server 6.1 before Fix Pack 15 appears to be\nrunning on the remote host. 
As such, it is reportedly affected by the\nfollowing vulnerabilities :\n\n - There is an as-yet unspecified security exposure in\n wsadmin (PK45726).\n\n - Sensitive information might appear in plaintext in the\n http_plugin.log file (PK48785).\n\n - There is an as-yet unspecified potential security\n exposure in the ", "modified": "2019-11-02T00:00:00", "id": "WEBSPHERE_6_1_0_15.NASL", "href": "https://www.tenable.com/plugins/nessus/45422", "published": "2010-04-05T00:00:00", "title": "IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45422);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2008-0740\", \"CVE-2008-7274\");\n script_bugtraq_id(27400, 28216, 46449);\n script_xref(name:\"Secunia\", value:\"29335\");\n\n script_name(english:\"IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 6.1 before Fix Pack 15 appears to be\nrunning on the remote host. 
As such, it is reportedly affected by the\nfollowing vulnerabilities :\n\n - There is an as-yet unspecified security exposure in\n wsadmin (PK45726).\n\n - Sensitive information might appear in plaintext in the\n http_plugin.log file (PK48785).\n\n - There is an as-yet unspecified potential security\n exposure in the 'PropFilePasswordEncoder' utility\n (PK52709).\n\n - There is an as-yet unspecified potential security\n exposure with 'serveServletsByClassnameEnabled'\n (PK52059).\n\n - Sensitive information may appear in plaintext in\n startserver.log (PK53198).\n\n - If Fix Pack 9 has been installed, attackers can perform\n an internal application hashtable login by either not\n providing a password or providing an empty password\n when the JAAS Login functionality is enabled.\n (PK54565)\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21404665\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27009778\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61015\");\n script_set_attribute(attribute:\"solution\", value:\n\"If using WebSphere Application Server, apply Fix Pack 15 (6.1.0.15) or\nlater. 
\n\nOtherwise, if using embedded WebSphere Application Server packaged with\nTivoli Directory Server, apply the latest recommended eWAS fix pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880, embedded:FALSE);\n\n\nversion = get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 15)\n{\n if 
(report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report =\n '\\n Source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 6.1.0.15' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}