IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.9 TLS Downgrade Vulnerability (CVE-2018-1719)

2019-05-30T00:00:00
ID WEBSPHERE_CVE-2018-1719.NASL
Type nessus
Reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-02-02T00:00:00

Description

The IBM WebSphere Application Server running on the remote host is version 8.5.x prior to 8.5.5.15, or 9.0.0.x prior to 9.0.0.9. It is, therefore, potentially affected by TLS downgrade vulnerability.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125595);
  script_version("1.3");
  script_cvs_date("Date: 2020/02/06");

  script_cve_id("CVE-2018-1719");
  script_bugtraq_id(108496);

  script_name(english:"IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.9 TLS Downgrade Vulnerability (CVE-2018-1719)");
  script_summary(english:"Reads the version number from the SOAP and GIOP services.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a TLS downgrade
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The IBM WebSphere Application Server running on the remote host is
version 8.5.x prior to 8.5.5.15, or 9.0.0.x prior to 9.0.0.9. It is,
therefore, potentially affected by TLS downgrade vulnerability.");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=ibm10718837");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Application Server 8.5.5.15 or 9.0.0.9 or
later. Alternatively, upgrade to the minimal fix pack levels required
by the interim fix and then apply Interim Fix PI98768.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1719");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_ports("Services/www", 8880, 8881, 9001);
  script_require_keys("www/WebSphere", "Settings/ParanoidReport");

  exit(0);
}

include("vcf.inc");
include("http.inc");

app = "IBM WebSphere Application Server";
get_install_count(app_name:app, exit_if_zero:TRUE);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:8880, embedded:FALSE);

app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

vcf::check_granularity(app_info:app_info, sig_segments:4);

fix = "Interim Fix PI98768";
constraints = [
  {"min_version":"8.5.0.0", "max_version":"8.5.5.14", "fixed_version":"8.5.5.15 or " + fix},
  {"min_version":"9.0.0.0", "max_version":"9.0.0.8", "fixed_version":"9.0.0.9 or " + fix}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);