IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.23 / 9.0.0.0 < 9.0.5.14 Code Execution

🗓️ 29 Aug 2023 00:00:00Reported by TenableType

IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.23 / 9.0.0.0 < 9.0.5.14 Code Executio

Reporter	Title	Published	Views	Family All 433
IBM Security Bulletins	Security Bulletin: Due to use of Expat library, IBM Tivoli Network Manager (ITNM) is vulnerable to arbitrary code execution [CVE-2022-40674]	16 Jan 202316:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server	30 Dec 202217:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2022-40674)	21 Oct 202206:57	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase [CVE-2022-40674, CVE-2022-43680]	31 Jan 202314:01	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Expat, SQlite, libxml2, Libksba, zlib and GnuTLS	30 Nov 202208:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.	6 Jan 202321:23	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.	11 Apr 202311:47	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server (CVE-2022-40674)	27 Oct 202219:18	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities fixed and shipped with IBM Security Verify Bridge (Docker version) (CVE-2022-2175, CVE-2022-2526, CVE-2022-40674, CVE-2022-3515)	7 Mar 202319:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities	13 Feb 202313:10	–	ibm

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(180255);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/30");

  script_cve_id("CVE-2022-40674");

  script_name(english:"IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.23 / 9.0.0.0 < 9.0.5.14 Code Execution");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of IBM HTTP Server running on the remote host is affected by an arbitrary code execution vulnerability in
the Expat library.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.ibm.com/support/pages/security-bulletin-ibm-http-server-vulnerable-arbitrary-code-execution-due-expat-cve-2022-40674
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?30764d7c");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM HTTP Server version 8.5.5.23, 9.0.5.41, or later. Alternatively, upgrade to the minimal fix pack levels
 required by the interim fix and then apply Interim Fix PH49572.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-40674");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:http_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_http_server_nix_installed.nbin");
  script_require_keys("installed_sw/IBM HTTP Server (IHS)");

  exit(0);
}


include('vcf.inc');

app = 'IBM HTTP Server (IHS)';
fix = 'Interim Fix PH49572';

app_info = vcf::get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:4);

if ('PH49572' >< app_info['Fixes'])
  audit(AUDIT_INST_VER_NOT_VULN, app);

constraints = [
 { 'min_version' : '7.0.0.0', 'max_version' : '7.0.0.45', 'fixed_display' : fix },
 { 'min_version' : '8.0.0.0', 'max_version' : '8.0.0.15', 'fixed_display' : fix },
 { 'min_version' : '8.5.0.0', 'max_version' : '8.5.5.22', 'fixed_display' : '8.5.5.23 or ' + fix },
 { 'min_version' : '9.0.0.0', 'max_version' : '9.0.5.13', 'fixed_display' : '9.0.5.14 or ' + fix }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

30 Aug 2023 00:00Current

8.3High risk

Vulners AI Score8.3

CVSS 3.18.1

EPSS0.01628

SSVC