WebSphere Application Server < 6.0.2.25 Multiple Vulnerabilities
Published: 2008-01-22T00:00:00
ID: 4355.PRM
Type: nessus
Reporter: Tenable
Modified: 2019-03-06T00:00:00
Description
The remote server is a WebSphere application server.
This version is reported to be vulnerable to a number of flaws. First, there is a reported flaw in the way that the administrative console monitors role users. Second, there is a buffer overflow in the default messaging component. Third, there is an unspecified flaw in the Java Transaction service. Fourth, there is an information disclosure flaw in the 'http_plugin.log' file. Fifth, there is an information disclosure flaw in the 'PropFilePasswordEncoder' utility. The details of these flaws are currently unknown; however, the vendor has released a patch to address these issues.
{"id": "4355.PRM", "type": "nessus", "bulletinFamily": "scanner", "title": "WebSphere Application Server < 6.0.2.25 Multiple Vulnerabilities", "description": "The remote server is a WebSphere application server.\nThis version is reported to be vulnerable to a number of flaws. First, there is a reported flaw in the way that the administrative console monitors role users. Second, there is a buffer overflow in the default messaging component. Third, there is an unspecified flaw in the Java Transaction service. Fourth, there is an information disclosure flaw in the 'http_plugin.log' file. Fifth, there is an information disclosure flaw in the 'PropFilePasswordEncoder' utility. The details of these flaws are currently unknown; however, the vendor has released a patch to address these issues.", "published": "2008-01-22T00:00:00", "modified": "2019-03-06T00:00:00", "cvss": {"score": 5.8, "vector": "CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "href": "https://www.tenable.com/plugins/nnm/4355", "reporter": "Tenable", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0741", "http://www.securityfocus.com/bid/27400", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0740"], "cvelist": ["CVE-2008-0740", "CVE-2008-0741"], "immutableFields": [], "lastseen": "2021-08-19T13:11:13", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0740", "CVE-2008-0741"]}, {"type": "nessus", "idList": ["4424.PRM", "WEBSPHERE_6_0_2_25.NASL", "WEBSPHERE_6_1_0_15.NASL"]}], "rev": 4}, "score": {"value": 5.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2008-0740", "CVE-2008-0741"]}, {"type": "nessus", "idList": ["4424.PRM"]}]}, "exploitation": null, "vulnersScore": 5.0}, "pluginID": "4355", "sourceData": "Binary data 4355.prm", "naslFamily": "Web Servers", "cpe": 
["cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*"], "solution": "Upgrade or patch according to vendor recommendations.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 0}}
{"nessus": [{"lastseen": "2021-10-18T14:03:38", "description": "IBM WebSphere Application Server 6.0.x before Fix Pack 25 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities. \n\n - An unspecified vulnerability in the Administrative Console involving monitor role users. (PK45768)\n\n - WebSphere Application Server writes unspecified plaintext information to 'http_plugin.log' which might allow attackers to obtain sensitive information.\n (PK48785)\n\n - An unspecified vulnerability in the 'PropFilePasswordEncoder' utility. (PK52709)\n\n - A header buffer-handling vulnerability with unspecified impact. (PK57746)\n\n - An unspecified vulnerability in the 'UOWManager'.\n (PK51392)", "cvss3": {"score": null, "vector": null}, "published": "2010-04-05T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-6679", "CVE-2008-0740", "CVE-2008-0741"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6_0_2_25.NASL", "href": "https://www.tenable.com/plugins/nessus/45419", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45419);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2007-6679\", \"CVE-2008-0740\", \"CVE-2008-0741\");\n script_bugtraq_id(27400);\n script_xref(name:\"Secunia\", value:\"28588\");\n\n script_name(english:\"IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 6.0.x before Fix Pack 25 
appears to\nbe running on the remote host. Such versions are reportedly affected\nby multiple vulnerabilities. \n\n - An unspecified vulnerability in the Administrative\n Console involving monitor role users. (PK45768)\n\n - WebSphere Application Server writes unspecified\n plaintext information to 'http_plugin.log' which might\n allow attackers to obtain sensitive information.\n (PK48785)\n\n - An unspecified vulnerability in the \n 'PropFilePasswordEncoder' utility. (PK52709)\n\n - A header buffer-handling vulnerability with unspecified\n impact. (PK57746)\n\n - An unspecified vulnerability in the 'UOWManager'.\n (PK51392)\");\n \n script_set_attribute(attribute:\"see_also\", value:\"http://www-1.ibm.com/support/docview.wss?uid=swg27006876#60225\");\n script_set_attribute(attribute:\"solution\", value:\"Apply Fix Pack 25 (6.0.2.25) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/12/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n 
exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880);\n\n\nversion = get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n (ver[0] == 6 && ver[1] == 0 && ver[2] < 2) ||\n (ver[0] == 6 && ver[1] == 0 && ver[2] == 2 && ver[3] < 25)\n)\n{\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report = \n '\\n Source : ' + source + \n '\\n Installed version : ' + version +\n '\\n Fixed version : 6.0.2.25' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:10:57", "description": "IBM WebSphere Application Server 6.1 before Fix Pack 15 appears to be running on the remote host. 
Such versions are reportedly affected by the following vulnerabilities :\n\n - There is an unspecified security exposure in wsadmin (PK45726).\n\n - Sensitive information might appear in clear text in the http_plugin.log file (PK48785).\n\n - There is an unspecified potential security exposure in the 'PropFilePasswordEncoder' utility (PK52709).\n\n - There is an unspecified potential security exposure with 'serveServletsByClassnameEnabled' (PK52059).\n\n - Sensitive information may appear in plain text in startserver.log (PK53198).", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2008-03-12T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0740", "CVE-2008-7274"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*"], "id": "4424.PRM", "href": "https://www.tenable.com/plugins/nnm/4424", "sourceData": "Binary data 4424.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-18T14:03:31", "description": "IBM WebSphere Application Server 6.1 before Fix Pack 15 appears to be running on the remote host. 
As such, it is reportedly affected by the following vulnerabilities :\n\n - There is an as-yet unspecified security exposure in wsadmin (PK45726).\n\n - Sensitive information might appear in plaintext in the http_plugin.log file (PK48785).\n\n - There is an as-yet unspecified potential security exposure in the 'PropFilePasswordEncoder' utility (PK52709).\n\n - There is an as-yet unspecified potential security exposure with 'serveServletsByClassnameEnabled' (PK52059).\n\n - Sensitive information may appear in plaintext in startserver.log (PK53198).\n\n - If Fix Pack 9 has been installed, attackers can perform an internal application hashtable login by either not providing a password or providing an empty password when the JAAS Login functionality is enabled.\n (PK54565)", "cvss3": {"score": null, "vector": null}, "published": "2010-04-05T00:00:00", "type": "nessus", "title": "IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2008-0740", "CVE-2008-7274"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6_1_0_15.NASL", "href": "https://www.tenable.com/plugins/nessus/45422", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45422);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2008-0740\", \"CVE-2008-7274\");\n script_bugtraq_id(27400, 28216, 46449);\n script_xref(name:\"Secunia\", value:\"29335\");\n\n script_name(english:\"IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 6.1 before Fix 
Pack 15 appears to be\nrunning on the remote host. As such, it is reportedly affected by the\nfollowing vulnerabilities :\n\n - There is an as-yet unspecified security exposure in\n wsadmin (PK45726).\n\n - Sensitive information might appear in plaintext in the\n http_plugin.log file (PK48785).\n\n - There is an as-yet unspecified potential security\n exposure in the 'PropFilePasswordEncoder' utility\n (PK52709).\n\n - There is an as-yet unspecified potential security\n exposure with 'serveServletsByClassnameEnabled'\n (PK52059).\n\n - Sensitive information may appear in plaintext in\n startserver.log (PK53198).\n\n - If Fix Pack 9 has been installed, attackers can perform\n an internal application hashtable login by either not\n providing a password or providing an empty password\n when the JAAS Login functionality is enabled.\n (PK54565)\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21404665\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27009778\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61015\");\n script_set_attribute(attribute:\"solution\", value:\n\"If using WebSphere Application Server, apply Fix Pack 15 (6.1.0.15) or\nlater. 
\n\nOtherwise, if using embedded WebSphere Application Server packaged with\nTivoli Directory Server, apply the latest recommended eWAS fix pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/04/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880, embedded:FALSE);\n\n\nversion = get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 15)\n{\n if 
(report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report =\n '\\n Source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 6.1.0.15' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:42:51", "description": "Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.", "cvss3": {}, "published": "2008-02-13T01:00:00", "type": "cve", "title": "CVE-2008-0741", "cwe": ["NVD-CWE-noinfo", "CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0741"], "modified": "2011-03-08T03:05:00", "cpe": ["cpe:/a:ibm:websphere_application_server:6.0.2.24"], "id": "CVE-2008-0741", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0741", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:51", "description": "IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, 
which might allow local users to obtain sensitive information by reading this file.", "cvss3": {}, "published": "2008-02-13T01:00:00", "type": "cve", "title": "CVE-2008-0740", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-0740"], "modified": "2011-03-08T03:05:00", "cpe": ["cpe:/a:ibm:websphere_application_server:6.0.2.24"], "id": "CVE-2008-0740", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0740", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*"]}]}