CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
33.9%
The version of IBM WebSphere Application Server running on the remote host is 7.0 prior to 7.0.0.45, 8.0 prior to 8.0.0.14, 8.5 prior to 8.5.5.12, or 9.0 prior to 9.0.0.5. It is, therefore, affected by a cross-site scripting flaw because the Admin Console does not validate unspecified input before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(102199);
script_version("1.5");
script_cvs_date("Date: 2019/11/12");
script_cve_id("CVE-2017-1380");
script_bugtraq_id(99961);
script_name(english:"IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.5 Unspecified XSS (PI82078)");
script_summary(english:"Reads the version number from the SOAP and GIOP services.");
script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a cross-site
scripting vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Application Server running on the remote
host is 7.0 prior to 7.0.0.45, 8.0 prior to 8.0.0.14, 8.5 prior to
8.5.5.12, or 9.0 prior to 9.0.0.5. It is, therefore, affected by a
cross-site scripting flaw because the Admin Console does not validate
unspecified input before returning it to users. This
may allow a remote attacker to create a specially crafted request
that will execute arbitrary script code in a user's browser
session within the trust relationship between their browser and
the server.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22004786");
script_set_attribute(attribute:"solution", value:
"Apply IBM WebSphere Application Server version 7.0 Fix Pack 45
(7.0.0.45) (targeted availability 2Q 2018) / 8.0 Fix Pack 14
(8.0.0.14) (targeted availability 16 October 2017) / 8.5 Fix Pack 12
(8.5.5.12) / 9.0 Fix Pack 5 (9.0.0.5) (targeted availability
29 September 2017) or later. Alternatively, apply the appropriate
Interim Fix PI82078 as recommended in the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1380");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/20");
script_set_attribute(attribute:"patch_publication_date", value:"2017/07/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/04");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("websphere_detect.nasl");
script_require_keys("www/WebSphere", "Settings/ParanoidReport");
script_require_ports("Services/www", 8880, 8881, 9001);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = get_http_port(default:8880, embedded:FALSE);
version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
app_name = "IBM WebSphere Application Server";
if (version =~ "((^8(\.[05](\.[05])?)?)|(7(\.0(\.0)?)?)|(9(\.0(\.0)?)?))$")
audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);
fix = FALSE; # Fixed version for compare
min = FALSE; # Min version for branch
pck = FALSE; # Fix pack name (tacked onto fix in report)
itr = FALSE; #
if (version =~ "^7\.0\.")
{
fix = '7.0.0.45';
min = '7.0.0.0';
itr = 'PI82078';
pck = " (Fix Pack 45)";
}
else if (version =~ "^8\.0\.")
{
fix = '8.0.0.14';
min = '8.0.0.0';
itr = 'PI82078';
pck = " (Fix Pack 14)";
}
else if (version =~ "^8\.5\.")
{
fix = '8.5.5.12';
min = '8.5.0.0';
itr = 'PI82078';
pck = " (Fix Pack 12)";
}
else if (version =~ "^9\.0\.")
{
fix = '9.0.0.5';
min = '9.0.0.0';
itr = 'PI82078';
pck = " (Fix Pack 5)";
}
if (fix && min &&
ver_compare(ver:version, fix:fix, strict:FALSE) < 0 &&
ver_compare(ver:version, fix:min, strict:FALSE) >= 0
)
{
report =
'\n Version source : ' + source +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix + pck +
'\n Interim fixes : ' + itr +
'\n';
security_report_v4(port:port, severity:SECURITY_NOTE, extra:report, xss:TRUE);
}
else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
33.9%