Source: nessus | This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. | WEBSPHERE_8_5_5_10.NASL
History: Dec 29, 2016 - 12:00 a.m.

IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.10 Information Disclosure

2016-12-29 00:00:00
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
www.tenable.com
35

The version of the IBM WebSphere Application Server running on the remote host is 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, or 8.5 prior to 8.5.5.10. It is, therefore, affected by an information disclosure vulnerability in the Administrative Console due to improperly setting the CSRFtoken cookie. An authenticated, remote attacker can exploit this to disclose sensitive information.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata registration: when the engine loads the plugin with `description`
# set, this block only declares identifiers, references, scoring and
# scheduling requirements, then exits without touching the target.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(96178);
  script_version("1.3");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  # External references for the single issue this plugin covers.
  script_cve_id("CVE-2016-0377");
  script_bugtraq_id(92514);

  script_name(english:"IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.10 Information Disclosure");
  # The finding is derived from a version number, not from probing the flaw.
  script_summary(english:"Reads the version number from the SOAP and GIOP services.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by an information
disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of the IBM WebSphere Application Server running on the
remote host is 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, or 8.5
prior to 8.5.5.10. It is, therefore, affected by an information
disclosure vulnerability in the Administrative Console due to
improperly setting the CSRFtoken cookie. An authenticated, remote
attacker can exploit this to disclose sensitive information.");
  # NOTE(review): the advisory link is plain http://; confirm the bulletin
  # against IBM's current support site before relying on it.
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21980645");
  # Remediation is either the per-branch fix pack or the vendor's interim fix.
  script_set_attribute(attribute:"solution", value:
"Apply IBM WebSphere Application Server version 7.0 Fix Pack 43
(7.0.0.43) / 8.0 Fix Pack 13 (8.0.0.13) / 8.5 Fix Pack 10 (8.5.5.10) or 
later. Alternatively, apply the appropriate Interim Fixes as
recommended in the vendor advisory.");
  # Both base vectors describe a network-reachable issue that needs an
  # authenticated / low-privilege user and affects confidentiality only
  # (no integrity or availability impact). The temporal vectors record an
  # unproven exploit, an official fix and a confirmed report.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Disclosure and patch share the same date; the plugin followed later.
  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  # Marked as a potential finding: a remote version read cannot show whether
  # an interim fix was applied, so results need confirmation on the host.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");

  # Scheduling: runs after the WebSphere detection plugin (presumably the
  # producer of the www/WebSphere KB entries read below; confirm), on web
  # service ports or 8880/8881/9001, and only when the paranoid-report
  # setting is present in the KB.
  script_dependencies("websphere_detect.nasl");
  script_require_ports("Services/www", 8880, 8881, 9001);
  script_require_keys("www/WebSphere", "Settings/ParanoidReport");

  # Metadata only; nothing below this block runs in description mode.
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Version-only check for CVE-2016-0377. Nothing below inspects whether the
# interim fix was installed in place of a fix pack, so the result can be a
# false positive; the check therefore bails out unless the scan is
# configured for paranoid reporting.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

port = get_http_port(default:8880, embedded:FALSE);

# Both values come from the knowledge base for this port; the script exits
# here if either one was never recorded.
version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");

app_name = "IBM WebSphere Application Server";

# A bare branch number ("7", "8", "7.0", "8.0", "8.5") carries no fix-pack
# level, so no verdict is possible.
# NOTE(review): a three-component value (constructed example: "8.5.5") does
# not match this pattern and would reach ver_compare below; confirm what the
# detection plugin can store and how ver_compare treats the missing part.
if (version =~ "^(([78])((\.[0]+)?)|(8\.[5]))$")
  audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);

interim_fix = 'PI56917'; # Same interim fix applies to every branch
fixed_ver   = FALSE;     # First fixed release of the matching branch
branch_min  = FALSE;     # Lowest version that belongs to that branch
pack_label  = FALSE;     # Fix pack name appended to the fixed version

# The three branch patterns are mutually exclusive; a version outside all
# of them leaves the values FALSE and is reported as not vulnerable.
if (version =~ "^7\.0\.")
{
  fixed_ver  = '7.0.0.43';
  branch_min = '7.0.0.0';
  pack_label = " (Fix Pack 43)";
}
else if (version =~ "^8\.0\.")
{
  fixed_ver  = '8.0.0.13';
  branch_min = '8.0.0.0';
  pack_label = " (Fix Pack 13)";
}
else if (version =~ "^8\.5\.")
{
  fixed_ver  = '8.5.5.10';
  branch_min = '8.5.0.0';
  pack_label = " (Fix Pack 10)";
}

# Only compare versions once a branch was recognised.
is_affected = FALSE;
if (fixed_ver && branch_min)
  is_affected = (ver_compare(ver:version, fix:fixed_ver, minver:branch_min, strict:FALSE) < 0);

# audit() ends the script, as the guards above already rely on.
if (!is_affected)
  audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);

# Give the operator what is needed to verify the finding on the host:
# where the version was read from, what was seen, and both remediation paths.
report =
  '\n  Version source    : ' + source +
  '\n  Installed version : ' + version +
  '\n  Fixed version     : ' + fixed_ver + pack_label +
  '\n  Interim fixes     : ' + interim_fix +
  '\n';
security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
Vendor | Product | Version | CPE
ibm | websphere_application_server | | cpe:/a:ibm:websphere_application_server