Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.WEBSPHERE_9_0_0_2.NASL
HistoryNov 03, 2016 - 12:00 a.m.

IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.11 / 9.0 < 9.0.0.2 Multiple Vulnerabilities

2016-11-0300:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

The IBM WebSphere Application Server running on the remote host is version 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, 8.5 prior to 8.5.5.11, or 9.0 prior to 9.0.0.2. It is, therefore, affected by multiple vulnerabilities :

  • A remote code execution vulnerability exists due to improper sanitization user-supplied input when deserializing Java objects. An authenticated, remote attacker can exploit this, via a crafted serialized object, to execute arbitrary Java code. (CVE-2016-5983)

  • An information disclosure vulnerability exists due to improper handling of responses. An unauthenticated, remote attacker can exploit this to disclose sensitive server identification information. (CVE-2016-5986)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(94512);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id("CVE-2016-5983", "CVE-2016-5986");
  script_bugtraq_id(93013, 93162);

  script_name(english:"IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.11 / 9.0 < 9.0.0.2 Multiple Vulnerabilities");
  script_summary(english:"Reads the version number from the SOAP and GIOP services.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The IBM WebSphere Application Server running on the remote host is
version 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, 8.5 prior to
8.5.5.11, or 9.0 prior to 9.0.0.2. It is, therefore, affected by
multiple vulnerabilities :

  - A remote code execution vulnerability exists due to
    improper sanitization user-supplied input when
    deserializing Java objects. An authenticated, remote
    attacker can exploit this, via a crafted serialized
    object, to execute arbitrary Java code. (CVE-2016-5983)

  - An information disclosure vulnerability exists due to
    improper handling of responses. An unauthenticated,
    remote attacker can exploit this to disclose sensitive
    server identification information. (CVE-2016-5986)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21990056");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21990060");
  script_set_attribute(attribute:"solution", value:
"Apply IBM WebSphere Application Server version 7.0 Fix Pack 43
(7.0.0.43) / 8.0 Fix Pack 13 (8.0.0.13) / 8.5 Fix Pack 11 (8.5.5.11) /
9.0 Fix Pack 2 (9.0.0.2) or later. Alternatively, apply Interim Fixes
PI67093 and PI70737.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/09/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/03");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_keys("www/WebSphere", "Settings/ParanoidReport");
  script_require_ports("Services/www", 8880, 8881, 9001);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:8880, embedded:FALSE);

version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");

app_name = "IBM WebSphere Application Server";

if (version =~ "^([78]+((\.[0]+)?)|(8\.[5])|(9\.[0]))$")
  audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);

fix = FALSE; # Fixed version for compare
min = FALSE; # Min version for branch
pck = FALSE; # Fix pack name (tacked onto fix in report)
itr = FALSE; #

if (version =~ "^9\.0\.")
{
  fix = '9.0.0.2';
  min = '9.0.0.0';
  itr = 'PI67093, PI70737';
  pck = " (Fix Pack 2)";
}

else if (version =~ "^8\.5\.")
{
  fix = '8.5.5.11';
  min = '8.5.0.0';
  itr = 'PI67093, PI70737';
  pck = " (Fix Pack 11)";
}
else if (version =~ "^8\.0\.")
{
  fix = '8.0.0.13';
  min = '8.0.0.0';
  itr = 'PI67093, PI70737';
  pck = " (Fix Pack 13)";
}
else if (version =~ "^7\.0\.")
{
  fix = '7.0.0.43';
  min = '7.0.0.0';
  itr = 'PI67093, PI70737';
  pck = " (Fix Pack 43)";
}

if (fix && min &&
    ver_compare(ver:version, fix:fix, strict:FALSE) <  0 &&
    ver_compare(ver:version, fix:min, strict:FALSE) >= 0
)
{
  report =
    '\n  Version source    : ' + source  +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix + pck +
    '\n  Interim fixes     : ' + itr +
    '\n';
  security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
}
else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);
VendorProductVersionCPE
ibmwebsphere_application_servercpe:/a:ibm:websphere_application_server

Related

ibm 134
openvas 2
cve 2
prion 2
checkpoint_advisories 1
ibm
ibm
Security Bulletin: Security vulnerabilities have been identified in Websphere Application Server shipped with Predictive Customer Intelligence (CVE-2016-5983, CVE-2016-5986)
2020-02-11 21:31:00
Security Bulletin: Multiple security vulnerabilities has been identified in IBM Websphere Application Server shipped with IBM Security/Tivoli Directory Server (CVE-2016-5983 and CVE-2016-5986)
2018-06-16 21:58:56
Security Bulletin: Multiple Security Vulnerabilities have been identified in IBM Websphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On
2018-06-25 05:54:54
openvas
openvas
IBM Websphere Application Server Code Execution vulnerability Oct16
2016-10-13 00:00:00
IBM Websphere Application Server Potential Information Disclosure Vulnerability
2016-10-03 00:00:00
cve
cve
CVE-2016-5983
2016-10-05 10:59:00
CVE-2016-5986
2016-10-01 01:59:00
prion
prion
Information disclosure
2016-10-01 01:59:00
Code injection
2016-10-05 10:59:00
checkpoint_advisories
checkpoint_advisories
IBM WebSphere WASPostParam cookie Untrusted Java Deserialization (CVE-2016-5983)
2016-10-30 00:00:00
JSON
Related for WEBSPHERE_9_0_0_2.NASL
ibm134openvas2cve2prion2checkpoint_advisories1