Lucene search
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.WEBSPHERE_CVE-2018-1794.NASLHistoryApr 21, 2020 - 12:00 a.m.
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.x < 9.0.0.10 XSS (CVE-2018-1794)
2020-04-2100:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.x prior to 8.5.5.15, or 9.x prior to 9.0.0.10. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the OAuth ear due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user’s browser session.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(135771);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/30");
script_cve_id("CVE-2018-1794");
script_name(english:"IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.15 / 9.x < 9.0.0.10 XSS (CVE-2018-1794)");
script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a cross-site scripting (XSS) vulnerability");
script_set_attribute(attribute:"description", value:
"The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through
8.0.0.15, 8.5.x prior to 8.5.5.15, or 9.x prior to 9.0.0.10. It is, therefore, affected by a cross-site scripting (XSS)
vulnerability in the OAuth ear due to improper validation of user-supplied input before returning it to users. An
unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute
arbitrary script code in a user's browser session.");
script_set_attribute(attribute:"see_also", value:"https://exchange.xforce.ibmcloud.com/vulnerabilities/148949");
script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=ibm10729571");
# https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-vulnerability-in-oauth-ear-in-websphere-application-server-cve-2018-1794/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c22d2021");
script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Application Server 8.5.5.15, 9.0.0.10, or later. Alternatively, upgrade to the minimal fix pack
levels required by the interim fix and then apply Interim Fix PH01753.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1794");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/02");
script_set_attribute(attribute:"patch_publication_date", value:"2018/10/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/21");
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"agent", value:"all");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("websphere_detect.nasl", "ibm_enum_products.nbin", "ibm_websphere_application_server_nix_installed.nbin");
script_require_keys("installed_sw/IBM WebSphere Application Server");
exit(0);
}
include('vcf.inc');
app = 'IBM WebSphere Application Server';
fix = 'Interim Fix PH01753';
get_install_count(app_name:app, exit_if_zero:TRUE);
app_info = vcf::combined_get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:4);
# If the detection is only remote, Source will be set, and we should require paranoia
if (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)
audit(AUDIT_PARANOID);
if ('PH01753' >< app_info['Fixes'])
audit(AUDIT_INST_VER_NOT_VULN, app);
constraints = [
{'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':fix},
{'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':fix},
{'min_version':'8.5.0.0', 'max_version':'8.5.5.14', 'fixed_version':'8.5.5.15 or ' + fix},
{'min_version':'9.0.0.0', 'max_version':'9.0.0.9', 'fixed_version':'9.0.0.10 or ' + fix}
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING, flags:{xss:TRUE});
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | cpe:/a:ibm:websphere_application_server |
Related
ibm
ibm
Security Bulletin: Cross-site scripting vulnerability in OAuth ear in WebSphere Application Server shipped with Jazz for Service Management (CVE-2018-1794)
2019-03-28 10:10:02
prion
prion
Cross site scripting
2018-10-03 14:29:00
cvelist
cvelist
CVE-2018-1794
2018-10-01 00:00:00
cve
cve
CVE-2018-1794
2018-10-03 14:29:00
Related for WEBSPHERE_CVE-2018-1794.NASL