Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.WEBSPHERE_8_5_5_5.NASL
HistoryMay 08, 2015 - 12:00 a.m.

IBM WebSphere Application Server Multiple Vulnerabilities

2015-05-0800:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

The IBM WebSphere Application Server running on the remote host is version 6.1.0.47 / 7.0.0.37 / 8.0.0.10 / 8.5.5.5 or prior. It is, therefore, affected by multiple vulnerabilities :

  • An information disclosure vulnerability exists in the SNMP component due to improper handling of configuration data. An authenticated, remote attacker can exploit this disclose sensitive information. (CVE-2015-0174)

  • An unspecified flaw exists in the liberty profile due to improper handling of authData elements. An authenticated, remote attacker can exploit this to gain elevated privileges. (CVE-2015-0175)

  • An unspecified flaw exists in the liberty profile that is triggered when the run-as user for EJB is not honored under multi-threaded race conditions. An authenticated, remote attacker can exploit this to gain elevated privileges. (CVE-2015-1882)

  • A flaw exists that allows a remote attacker to execute arbitrary code by connecting to a management port using a specific sequence of instructions. (CVE-2015-1920)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(83290);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id(
    "CVE-2015-0174",
    "CVE-2015-0175",
    "CVE-2015-1882",
    "CVE-2015-1920"
  );
  script_bugtraq_id(
    74215,
    74222,
    74223,
    74439
  );

  script_name(english:"IBM WebSphere Application Server Multiple Vulnerabilities");
  script_summary(english:"Reads the version number from the SOAP port.");

  script_set_attribute(attribute:"synopsis", value:
"The remote application server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The IBM WebSphere Application Server running on the remote host is
version 6.1.0.47 / 7.0.0.37 / 8.0.0.10 / 8.5.5.5 or prior. It is,
therefore, affected by multiple vulnerabilities :

  - An information disclosure vulnerability exists in the
    SNMP component due to improper handling of configuration
    data. An authenticated, remote attacker can exploit this
    disclose sensitive information. (CVE-2015-0174)

  - An unspecified flaw exists in the liberty profile due to
    improper handling of authData elements. An
    authenticated, remote attacker can exploit this to gain
    elevated privileges. (CVE-2015-0175)

  - An unspecified flaw exists in the liberty profile that
    is triggered when the run-as user for EJB is not honored
    under multi-threaded race conditions. An authenticated,
    remote attacker can exploit this to gain elevated
    privileges. (CVE-2015-1882)

  - A flaw exists that allows a remote attacker to execute
    arbitrary code by connecting to a management port using
    a specific sequence of instructions. (CVE-2015-1920)");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21883573");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21697368");
  script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg24039898");
  script_set_attribute(attribute:"solution", value:
"Apply Interim Fix PI38302.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1920");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/08");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_keys("www/WebSphere", "Settings/ParanoidReport");
  script_require_ports("Services/www", 8880, 8881);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:8880, embedded:0);

version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");

app_name = "IBM WebSphere Application Server";

if (version =~ "^[0-9]+(\.[0-9]+)?$")
  audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);

if (version =~ "^8\.5\.5\.")
{
  cutoff = '8.5.5.5';
  minimum = '8.5.5.0';
}
else if (version =~ "^8\.5\.0\.")
{
  cutoff = '8.5.0.2';
  minimum = '8.5.0.0';
}
else if (version =~ "^8\.0\.")
{
  cutoff = '8.0.0.10';
  minimum = '8.0.0.3';
}
else if (version =~ "^7\.0\.")
{
  cutoff = '7.0.0.37';
  minimum = '7.0.0.21';
}
else if (version =~ "^6\.1\.")
{
  cutoff = '6.1.0.47';
  minimum = '6.1.0.47';
}
else cutoff = NULL;

if (!isnull(cutoff) && ver_compare(ver:version, fix:cutoff, strict:FALSE) <= 0)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Version source    : ' + source +
      '\n  Installed version : ' + version +
      '\n  Minimum fix pack  : ' + minimum +
      '\n  Interim fix       : PI38302' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);
VendorProductVersionCPE
ibmwebsphere_application_servercpe:/a:ibm:websphere_application_server

Related

openvas 3
nessus 2
ibm 43
prion 4
cve 4
openvas
openvas
IBM Websphere Application Server Multiple Vulnerabilities-04 (Mar 2016)
2016-03-21 00:00:00
IBM WebSphere Application Server Remote Code Execution Vulnerability
2015-06-03 00:00:00
IBM Websphere Application Server Arbitrary Code Execution Vulnerability (Feb 2016)
2016-02-19 00:00:00
nessus
nessus
IBM WebSphere Application Server 8.5.5.x < 8.5.5.5 Multiple Vulnerabilities
2017-04-04 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.39 Multiple Vulnerabilities (FREAK)
2016-10-26 00:00:00
ibm
ibm
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.5
2022-09-08 00:26:26
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2015-1920)
2018-06-15 07:03:14
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Business Compass (CVE-2015-1920)
2018-06-23 04:04:04
prion
prion
Race condition
2015-04-27 12:59:00
Session fixation
2015-05-20 00:59:00
Design/Logic Flaw
2015-04-27 12:59:00
cve
cve
CVE-2015-1882
2015-04-27 12:59:00
CVE-2015-1920
2015-05-20 00:59:00
CVE-2015-0175
2015-04-27 12:59:00
JSON
Related for WEBSPHERE_8_5_5_5.NASL
openvas3nessus2ibm43prion4cve4