#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(324011);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/08");
script_cve_id("CVE-2026-9171", "CVE-2026-9322", "CVE-2026-50645");
script_name(english:"IBM WebSphere Application Server 8.5.x < 8.5.5.31 / 9.x < 9.0.5.29 / Liberty 17.0.0.3 < 26.0.0.8 (7278576)");
script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Application Server running on the remote host is affected by multiple vulnerabilities as
referenced in the 7278576 advisory.
- There is no restriction on the amount of attachment headers that a message can contain when being
deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service
attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by imposing a
maximum default of 500 attachments per message. (CVE-2026-50645)
- IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to a denial of
service via a crafted HTTP request. CWE: CWE-400: Uncontrolled Resource Consumption (CVE-2026-9322)
- IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to a denial of
service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability
to cause the server to consume memory resources. CWE: CWE-400: Uncontrolled Resource Consumption
(CVE-2026-9171)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/7278576");
script_set_attribute(attribute:"solution", value:
"Update to IBM WebSphere Application Server version 8.5.5.31, 9.0.5.29, 26.0.0.8 Liberty or later. Alternatively, upgrade
to the minimal fix pack levels required by the interim fix and then apply Interim Fix PH71585 / PH71670.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-50645");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/12");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/01");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("websphere_detect.nasl", "ibm_enum_products.nbin", "ibm_websphere_application_server_nix_installed.nbin", "ibm_websphere_application_server_win_installed.nbin");
script_require_keys("installed_sw/IBM WebSphere Application Server");
exit(0);
}
include('vcf.inc');
var app = 'IBM WebSphere Application Server';
var app_info = vcf::combined_get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:4);
# If the detection is only remote, Source will be set, and we should require paranoia
var require_paranoid = FALSE;
if (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)
require_paranoid = TRUE;
if ('PH71585' >< app_info['Fixes'] || 'PH71670' >< app_info['Fixes'])
audit(AUDIT_INST_VER_NOT_VULN, app);
var constraints = [
{ 'min_version' : '8.5.0.0', 'fixed_version' : '8.5.5.31', 'fixed_display' : '8.5.5.31 or Interim Fix PH71670' },
{ 'min_version' : '9.0.0.0', 'fixed_version' : '9.0.5.29', 'fixed_display' : '9.0.5.29 or Interim Fix PH71670' },
{ 'min_version' : '17.0.0.3', 'fixed_version' : '26.0.0.8', 'fixed_display' : '26.0.0.8 or Interim Fix PH71585' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
require_paranoia:require_paranoid,
severity:SECURITY_HOLE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation