IBM WebSphere Application Server 6.1.0.x < 6.1.0.47 / 7.0.0.x < 7.0.0.31 / 8.0.0.x < 8.0.0.7 / 8.5.x < 8.5.5.1 Clickjacking (CVE-2013-1571)

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(141918);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/30");

  script_cve_id("CVE-2017-1503");

  script_name(english:"IBM WebSphere Application Server 6.1.0.x < 6.1.0.47 / 7.0.0.x < 7.0.0.31 / 8.0.0.x < 8.0.0.7 / 8.5.x < 8.5.5.1 Clickjacking (CVE-2013-1571)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a clickjacking vulnerability");
  script_set_attribute(attribute:"description", value:
"The IBM WebSphere Application Server running on the remote host is version 6.1.0.x prior to 6.1.0.47, 7.0.0.x prior to
7.0.0.31, 8.0.0.x prior to 8.0.0.7, or 8.5.0.x prior to 8.5.5.1. It is, therefore, affected by a vulnerability in the
HTML documentation generated by the Javadoc tool. An unauthenticated, remote attacker can exploit this, by crafting a
malicious link to the documentation that injects arbitrary content into the main frame, in order to insert malicious
links or content that appear to originate from the site hosting the documentation.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/497077");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Application Server 7.0.0.31, 8.0.0.7, 8.5.5.1 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1503");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/27");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl", "ibm_enum_products.nbin", "ibm_websphere_application_server_nix_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Application Server", "Settings/ParanoidReport");

  exit(0);
}

include('vcf.inc');

# Requires HTML documentationn generated by the Javadoc tool
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

app = 'IBM WebSphere Application Server';

app_info = vcf::combined_get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:4);

constraints = [
  {'min_version':'6.1.0.0', 'max_version':'6.1.0.45', 'fixed_version':'6.1.0.47'},
  {'min_version':'7.0.0.0', 'max_version':'7.0.0.29', 'fixed_version':'7.0.0.31'},
  {'min_version':'8.0.0.0', 'max_version':'8.0.0.6', 'fixed_version':'8.0.0.7'},
  {'min_version':'8.5.0.0', 'max_version':'8.5.5.0', 'fixed_version':'8.5.5.1'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);