IBM WebSphere Application Server Denial of Service (CVE-2019-4720)

Published: 07 Feb 2020 00:00:00
Reported by: This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
Type: nessus
Source: www.tenable.com

IBM WebSphere Application Server Denial of Service (CVE-2019-4720) affecting versions 7.0.x, 8.0.x, 8.5.0.x, and 9.0.

Related

| Reporter | Title | Published | Views | Family |
|---|---|---|---|---|
| IBM Security Bulletins | Security Bulletin: WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720) | 17 Feb 2020 13:24 | - | ibm |
| IBM Security Bulletins | Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in Websphere Application Server. | 30 Jun 2020 20:09 | - | ibm |
| IBM Security Bulletins | Security Bulletin: A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 (CVE-2019-4720). | 27 Mar 2020 07:46 | - | ibm |
| IBM Security Bulletins | Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2019-4720) | 8 Apr 2020 21:52 | - | ibm |
| IBM Security Bulletins | Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-4720) | 10 May 2020 17:47 | - | ibm |
| IBM Security Bulletins | Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to Denial of Service (CVE-2019-4720) | 22 Oct 2020 12:32 | - | ibm |
| IBM Security Bulletins | Security Bulletin: Potential denial of service vulnerability in the Apache CXF library used in WebSphere Application Server Liberty Core affect CICS Transaction Gateway | 9 Dec 2021 16:57 | - | ibm |
| IBM Security Bulletins | Security Bulletin: Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-4720) | 4 May 2020 21:42 | - | ibm |
| IBM Security Bulletins | Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2019-4720) | 30 Jan 2020 23:55 | - | ibm |
| IBM Security Bulletins | Security Bulletin: Vulnerabilities in WebSphere liberty related to DOS | 21 May 2020 15:17 | - | ibm |

#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(133529);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/10/23");

  script_cve_id("CVE-2019-4720");

  script_name(english:"IBM WebSphere Application Server Denial of Service (CVE-2019-4720)");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a denial of service vulnerability");
  script_set_attribute(attribute:"description", value:
"The IBM WebSphere Application Server running on the remote host is version 7.0.x prior to or equal to 7.0.0.45, 8.0.x
prior to or equal to 8.0.0.15, 8.5.0.x prior to 8.5.5.18, or 9.0.x prior to 9.0.5.3. It is, therefore, affected by
a denial of service vulnerability. An unauthenticated remote attacker can exploit this by using a specially crafted
request to cause the system to stop responding.");
  script_set_attribute(attribute:"see_also", value:"https://exchange.xforce.ibmcloud.com/vulnerabilities/172125");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/1285372");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Application Server 8.5.5.18, 9.0.5.3, or
later. Alternatively, upgrade to the minimal fix pack levels required
by the interim fix and then apply Interim Fix PH19528.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-4720");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/07");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl", "ibm_enum_products.nbin", "ibm_websphere_application_server_nix_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Application Server");

  exit(0);
}

include('vcf.inc');


app = 'IBM WebSphere Application Server';
fix = 'Interim Fix PH19528';

get_install_count(app_name:app, exit_if_zero:TRUE);
app_info = vcf::combined_get_app_info(app:app);
vcf::check_granularity(app_info:app_info, sig_segments:4);

# If the detection is only remote, Source will be set, and we should require paranoia
if (!empty_or_null(app_info['Source']) && app_info['Source'] != 'unknown' && report_paranoia < 2)
  audit(AUDIT_PARANOID);

if ('PH19528' >< app_info['Fixes'])
  audit(AUDIT_INST_VER_NOT_VULN, app);

constraints = [
  {'min_version':'7.0.0.0', 'max_version':'7.0.0.45', 'fixed_version':'7.0.0.45 and '+fix},
  {'min_version':'8.0.0.0', 'max_version':'8.0.0.15', 'fixed_version':'8.0.0.15 and ' + fix},
  {'min_version':'8.5.5.0', 'fixed_version':'8.5.5.18', 'fixed_display':'8.5.5.18 or ' + fix},
  {'min_version':'9.0.0.0', 'fixed_version':'9.0.5.3', 'fixed_display':'9.0.5.3 or ' + fix}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

Vulners AI Score: 7.7 (High risk)
CVSS2: 5.0
CVSS3: 7.5
EPSS: 0.001