Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.WEBSPHERE_6_1_0_23.NASL
HistoryApr 15, 2009 - 12:00 a.m.

IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws

2009-04-1500:00:00
This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
www.tenable.com
31

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.469 Medium

EPSS

Percentile

97.5%

JSON

IBM WebSphere Application Server 6.1 before Fix Pack 23 appears to be installed on the remote host. Such versions are reportedly affected by multiple vulnerabilities :

  • Provided an attacker has valid credentials, it may be possible to hijack an authenticated session. (PK66676)

  • It may be possible for a remote attacker to redirect users to arbitrary sites using ibm_security_logout servlet. (PK71126)

  • Under certain conditions it may be possible to access administrative console user sessions. (PK74966)

  • If APAR PK41002 has been applied, a vulnerability in the JAX-RPC WS-Security component could incorrectly validate ‘UsernameToken’. (PK75992)

  • Sample applications shipped with IBM WebSphere Application Server are affected by cross-site scripting vulnerabilities. (PK76720)

  • The administrative console is affected by a cross-site scripting vulnerability. (PK77505)

  • It may be possible for an attacker to read arbitrary application-specific war files. (PK81387)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(36161);
  script_version("1.18");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id(
    "CVE-2008-4284",
    "CVE-2009-0508",
    "CVE-2009-0855",
    "CVE-2009-0856",
    "CVE-2009-0891",
    "CVE-2009-0892",
    "CVE-2009-1172"
  );
  script_bugtraq_id(34330, 34501, 34502, 35610);
  script_xref(name:"Secunia", value:"33729");
  script_xref(name:"Secunia", value:"34131");
  script_xref(name:"Secunia", value:"34283");

  script_name(english:"IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws");
  script_summary(english:"Reads the version number from the SOAP port");

  script_set_attribute(attribute:"synopsis", value:
"The remote application server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"IBM WebSphere Application Server 6.1 before Fix Pack 23 appears to
be installed on the remote host.  Such versions are reportedly affected
by multiple vulnerabilities :

  - Provided an attacker has valid credentials, it may be
    possible to hijack an authenticated session. (PK66676)

  - It may be possible for a remote attacker to redirect
    users to arbitrary sites using ibm_security_logout
    servlet. (PK71126)

  - Under certain conditions it may be possible to access
    administrative console user sessions. (PK74966)

  - If APAR PK41002 has been applied, a vulnerability in
    the JAX-RPC WS-Security component could incorrectly
    validate 'UsernameToken'. (PK75992)

  - Sample applications shipped with IBM WebSphere
    Application Server are affected by cross-site scripting
    vulnerabilities. (PK76720)

  - The administrative console is affected by a cross-site
    scripting vulnerability. (PK77505)

  - It may be possible for an attacker to read arbitrary
    application-specific war files. (PK81387)");

  script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg21404665");
  script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg27009778");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21367223");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27007951#61023");
  script_set_attribute(attribute:"solution", value:
"If using WebSphere Application Server, apply Fix Pack 23 (6.1.0.23) or
later. 

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 59, 79, 200, 287);

  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/03/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("websphere_detect.nasl");
  script_require_ports("Services/www", 8880, 8881);
  script_require_keys("www/WebSphere");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:8880);


version = get_kb_item("www/WebSphere/"+port+"/version");
if (isnull(version)) exit(1, "Failed to extract the version from the IBM WebSphere Application Server instance listening on port " + port + ".");
if (version =~ "^[0-9]+(\.[0-9]+)?$")
  exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 23)
{
  if (report_verbosity > 0)
  {
    source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");

    report =
      '\n  Source            : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 6.1.0.23' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else exit(0, "The WebSphere Application Server "+version+" instance listening on port "+port+" is not affected.");
VendorProductVersionCPE
ibmwebsphere_application_servercpe:/a:ibm:websphere_application_server

Related

nessus 2
cve 7
prion 7
nvd 7
cvelist 7
checkpoint_advisories 1
packetstorm 1
nessus
nessus
IBM WebSphere Application Server 7.0 < Fix Pack 3
2009-04-10 00:00:00
IBM WebSphere Application Server < 6.0.2.33 Multiple Vulnerabilities
2009-04-10 00:00:00
cve
cve
CVE-2009-0855
2009-03-09 21:30:00
CVE-2009-0892
2009-03-31 14:09:53
CVE-2008-4284
2009-02-10 22:30:00
prion
prion
Cross site scripting
2009-03-09 21:30:00
Code injection
2009-03-16 19:30:00
Open redirect
2009-02-10 22:30:00
nvd
nvd
CVE-2009-0855
2009-03-09 21:30:00
CVE-2009-0508
2009-03-16 19:30:00
CVE-2009-0892
2009-03-31 14:09:53
cvelist
cvelist
CVE-2009-0892
2009-03-31 10:00:00
CVE-2009-0508
2009-03-16 19:00:00
CVE-2008-4284
2009-02-10 22:13:00
checkpoint_advisories
checkpoint_advisories
IBM WebSphere Application Server Cross-Site Scripting - Ver2 (CVE-2009-0855)
2014-03-31 00:00:00
packetstorm
packetstorm
IBM Websphere Application Server 7.0 Cross Site Scripting
2022-12-02 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.469 Medium

EPSS

Percentile

97.5%

JSON
Related for WEBSPHERE_6_1_0_23.NASL
nessus2cve7prion7nvd7cvelist7checkpoint_advisories1packetstorm1