Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.WEBSPHERE_CVE-2017-1380.NASL
HistoryAug 04, 2017 - 12:00 a.m.

IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.5 Unspecified XSS (PI82078)

2017-08-0400:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
55

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.9%

JSON

The version of IBM WebSphere Application Server running on the remote host is 7.0 prior to 7.0.0.45, 8.0 prior to 8.0.0.14, 8.5 prior to 8.5.5.12, or 9.0 prior to 9.0.0.5. It is, therefore, affected by a cross-site scripting flaw because the Admin Console does not validate unspecified input before returning it to users. This may allow a remote attacker to create a specially crafted request that will execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(102199);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id("CVE-2017-1380");
  script_bugtraq_id(99961);

  script_name(english:"IBM WebSphere Application Server 7.0 < 7.0.0.45 / 8.0 < 8.0.0.14 / 8.5 < 8.5.5.12 / 9.0 < 9.0.0.5 Unspecified XSS (PI82078)");
  script_summary(english:"Reads the version number from the SOAP and GIOP services.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a cross-site
scripting vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Application Server running on the remote
host is 7.0 prior to 7.0.0.45, 8.0 prior to 8.0.0.14, 8.5 prior to
8.5.5.12, or 9.0 prior to 9.0.0.5. It is, therefore, affected by a
cross-site scripting flaw because the Admin Console does not validate
unspecified input before returning it to users. This
may allow a remote attacker to create a specially crafted request
that will execute arbitrary script code in a user's browser
session within the trust relationship between their browser and
the server.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg22004786");
  script_set_attribute(attribute:"solution", value:
"Apply IBM WebSphere Application Server version 7.0 Fix Pack 45
(7.0.0.45) (targeted availability 2Q 2018) / 8.0 Fix Pack 14
(8.0.0.14) (targeted availability 16 October 2017) / 8.5 Fix Pack 12
(8.5.5.12) / 9.0 Fix Pack 5 (9.0.0.5) (targeted availability
29 September 2017) or later. Alternatively, apply the appropriate
Interim Fix PI82078 as recommended in the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1380");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/07/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/04");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_keys("www/WebSphere", "Settings/ParanoidReport");
  script_require_ports("Services/www", 8880, 8881, 9001);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:8880, embedded:FALSE);

version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");

app_name = "IBM WebSphere Application Server";

if (version =~ "((^8(\.[05](\.[05])?)?)|(7(\.0(\.0)?)?)|(9(\.0(\.0)?)?))$")
  audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);

fix = FALSE; # Fixed version for compare
min = FALSE; # Min version for branch
pck = FALSE; # Fix pack name (tacked onto fix in report)
itr = FALSE; #
if (version =~ "^7\.0\.")
{
  fix = '7.0.0.45';
  min = '7.0.0.0';
  itr = 'PI82078';
  pck = " (Fix Pack 45)";
}
else if (version =~ "^8\.0\.")
{
  fix = '8.0.0.14';
  min = '8.0.0.0';
  itr = 'PI82078';
  pck = " (Fix Pack 14)";
}
else if (version =~ "^8\.5\.")
{
  fix = '8.5.5.12';
  min = '8.5.0.0';
  itr = 'PI82078';
  pck = " (Fix Pack 12)";
}
else if (version =~ "^9\.0\.")
{
  fix = '9.0.0.5';
  min = '9.0.0.0';
  itr = 'PI82078';
  pck = " (Fix Pack 5)";
}

if (fix && min &&
    ver_compare(ver:version, fix:fix, strict:FALSE) <  0 &&
    ver_compare(ver:version, fix:min, strict:FALSE) >= 0
)
{
  report =
    '\n  Version source    : ' + source  +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix + pck +
    '\n  Interim fixes     : ' + itr +
    '\n';
  security_report_v4(port:port, severity:SECURITY_NOTE, extra:report, xss:TRUE);
}
else audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);
VendorProductVersionCPE
ibmwebsphere_application_servercpe:/a:ibm:websphere_application_server

Related

ibm 42
prion 1
nvd 1
cve 1
cvelist 1
openvas 1
ibm
ibm
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Business Service Manager (CVE-2017-1380)
2018-06-17 15:46:38
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2017-1380)
2018-07-10 08:34:12
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Storage Productivity Center (CVE-2017-1380)
2022-02-22 19:50:07
prion
prion
Cross site scripting
2017-07-24 21:29:00
nvd
nvd
CVE-2017-1380
2017-07-24 21:29:00
cve
cve
CVE-2017-1380
2017-07-24 21:29:00
cvelist
cvelist
CVE-2017-1380
2017-07-20 00:00:00
openvas
openvas
IBM Websphere Application Server 'XSS' And 'Insecure File Permissions' Vulnerabilities
2017-07-25 00:00:00

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

33.9%

JSON
Related for WEBSPHERE_CVE-2017-1380.NASL
ibm42prion1nvd1cve1cvelist1openvas1