Lucene search

K
nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.WEBSPHERE_CVE-2018-1797.NASL
HistoryApr 30, 2020 - 12:00 a.m.

IBM WebSphere Application Server 7.x / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Directory Traversal Vulnerability

2020-04-3000:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C

EPSS

0.001

Percentile

36.2%

A directory traversal vulnerability exists in WebSphere Application Server that is using Enterprise bundle Archives (EBA). An authenticated, remote attacker can exploit this, by persuading a victim to extract a specially-crafted ZIP archive containing β€˜dot dot slash’ (…/) sequences, an attacker could exploit this vulnerability to write to arbitrary files on the system.

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(136180);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/30");

  script_cve_id("CVE-2018-1797");

  script_name(english:"IBM WebSphere Application Server 7.x / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 <= 8.5.5.14 / 9.0.0.0 <= 9.0.0.9 Directory Traversal Vulnerability");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a directory traversal vulnerability");
  script_set_attribute(attribute:"description", value:
"A directory traversal vulnerability exists in WebSphere Application Server that is using Enterprise bundle Archives
(EBA). An authenticated, remote attacker can exploit this, by persuading a victim to extract a specially-crafted ZIP
archive containing 'dot dot slash' (../) sequences, an attacker could exploit this vulnerability to write to arbitrary
files on the system.");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/730699");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Application Server version reccomended in the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1797");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/30");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl", "ibm_enum_products.nbin", "ibm_websphere_application_server_nix_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Application Server");

  exit(0);
}

include('vcf.inc');


app = 'IBM WebSphere Application Server';
fix = 'Interim Fix PH02031';

get_install_count(app_name:app, exit_if_zero:TRUE);
app_info = vcf::combined_get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:4);

# If the detection is only remote, Source will be set, and we should require paranoia
if (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)
  audit(AUDIT_PARANOID);

if ('PH02031' >< app_info['Fixes'])
  audit(AUDIT_INST_VER_NOT_VULN, app);

constraints = [
  {'min_version':'7.0.0.0', 'max_version':'7.9.9.9', 'fixed_display':'Call IBM Support for the interim fix'},
  {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_display':'8.0.0.15 ' + fix},
  {'min_version':'8.5.0.0', 'max_version':'8.5.5.14', 'fixed_display':'8.5.5.14 ' + fix + ' or 8.5.5.15'},
  {'min_version':'9.0.0.0', 'max_version':'9.0.0.9', 'fixed_display':'9.0.0.9 ' + fix + ' or 9.0.0.10'}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
VendorProductVersionCPE
ibmwebsphere_application_servercpe:/a:ibm:websphere_application_server

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C

EPSS

0.001

Percentile

36.2%

Related for WEBSPHERE_CVE-2018-1797.NASL