IBM WebSphere MQ 6.x < 6.0.2.9 / 7.x < 7.0.1.1 'userid' and 'password' Information Disclosure
2012-11-16T00:00:00
ID WEBSPHERE_MQ_6029_7011.NASL Type nessus Reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. Modified 2021-03-02T00:00:00
Description
The IBM WebSphere MQ server installed on the remote Windows host is
version 6.x prior to 6.0.2.9 or version 7.x prior to 7.0.1.1. It is,
therefore, affected by a security weakness where usernames and
passwords are sent as cleartext in parameter fields, thus allowing a
remote attacker to obtain sensitive information by sniffing the
networking traffic.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(62943);
script_version("1.6");
script_cvs_date("Date: 2018/08/06 14:03:16");
script_cve_id("CVE-2010-2637");
script_bugtraq_id(55521);
script_name(english:"IBM WebSphere MQ 6.x < 6.0.2.9 / 7.x < 7.0.1.1 'userid' and 'password' Information Disclosure");
script_summary(english:"Checks the version of IBM WebSphere MQ.");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a service installed that does not encrypt
usernames and passwords submitted to web pages.");
script_set_attribute(attribute:"description", value:
"The IBM WebSphere MQ server installed on the remote Windows host is
version 6.x prior to 6.0.2.9 or version 7.x prior to 7.0.1.1. It is,
therefore, affected by a security weakness where usernames and
passwords are sent as cleartext in parameter fields, thus allowing a
remote attacker to obtain sensitive information by sniffing the
networking traffic.");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27007069");
script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27014224");
script_set_attribute(attribute:"solution", value:"Upgrade to WebSphere MQ 6.0.2.9 / 7.0.1.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/04/06");
script_set_attribute(attribute:"patch_publication_date", value:"2010/04/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_mq");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
script_dependencies("websphere_mq_installed.nasl");
script_require_keys("installed_sw/IBM WebSphere MQ");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
app_name = "IBM WebSphere MQ";
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
path = install['path'];
fix = FALSE;
fixes = make_array(
"^6\.0\." , "6.0.2.9",
"^7\.0\.1\." , "7.0.1.1"
);
# Find the fix for our version
foreach fixcheck (keys(fixes))
{
if(version =~ fixcheck)
{
fix = fixes[fixcheck];
break;
}
}
# Version not affected
if(!fix)
audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
# Check affected version
if(ver_compare(ver:version, fix:fix, strict:FALSE) == -1)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
if (report_verbosity > 0)
{
report =
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
security_warning(extra:report, port:port);
}
else security_warning(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
{"id": "WEBSPHERE_MQ_6029_7011.NASL", "bulletinFamily": "scanner", "title": "IBM WebSphere MQ 6.x < 6.0.2.9 / 7.x < 7.0.1.1 'userid' and 'password' Information Disclosure", "description": "The IBM WebSphere MQ server installed on the remote Windows host is\nversion 6.x prior to 6.0.2.9 or version 7.x prior to 7.0.1.1. It is,\ntherefore, affected by a security weakness where usernames and\npasswords are sent as cleartext in parameter fields, thus allowing a\nremote attacker to obtain sensitive information by sniffing the\nnetworking traffic.", "published": "2012-11-16T00:00:00", "modified": "2021-03-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "https://www.tenable.com/plugins/nessus/62943", "reporter": "This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg27014224", "http://www-01.ibm.com/support/docview.wss?uid=swg27007069"], "cvelist": ["CVE-2010-2637"], "type": "nessus", "lastseen": "2021-03-01T07:49:55", "edition": 25, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-2637"]}], "modified": "2021-03-01T07:49:55", "rev": 2}, "score": {"value": 5.5, "vector": "NONE", "modified": "2021-03-01T07:49:55", "rev": 2}, "vulnersScore": 5.5}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62943);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2010-2637\");\n script_bugtraq_id(55521);\n\n script_name(english:\"IBM WebSphere MQ 6.x < 6.0.2.9 / 7.x < 7.0.1.1 'userid' and 'password' Information Disclosure\");\n script_summary(english:\"Checks the version of IBM WebSphere MQ.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a service installed that does not encrypt\nusernames and passwords submitted to web pages.\");\n script_set_attribute(attribute:\"description\", value:\n\"The IBM WebSphere MQ server installed on the remote Windows host is\nversion 6.x prior to 6.0.2.9 or version 7.x prior to 7.0.1.1. It is,\ntherefore, affected by a security weakness where usernames and\npasswords are sent as cleartext in parameter fields, thus allowing a\nremote attacker to obtain sensitive information by sniffing the\nnetworking traffic.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27007069\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27014224\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to WebSphere MQ 6.0.2.9 / 7.0.1.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_mq\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_mq_installed.nasl\");\n script_require_keys(\"installed_sw/IBM WebSphere MQ\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp_name = \"IBM WebSphere MQ\";\ninstall = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\nfix = FALSE;\nfixes = make_array(\n \"^6\\.0\\.\" , \"6.0.2.9\",\n \"^7\\.0\\.1\\.\" , \"7.0.1.1\"\n);\n\n# Find the fix for our version\nforeach fixcheck (keys(fixes))\n{\n if(version =~ fixcheck)\n {\n fix = fixes[fixcheck];\n break;\n }\n}\n\n# Version not affected\nif(!fix)\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n\n# Check affected version\nif(ver_compare(ver:version, fix:fix, strict:FALSE) == -1)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n if (report_verbosity > 0)\n {\n report = \n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(extra:report, port:port);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);\n", "naslFamily": "Windows", "pluginID": "62943", "cpe": ["cpe:/a:ibm:websphere_mq"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:45:00", "description": "IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information by sniffing the network traffic from a .NET client application.", "edition": 4, "cvss3": {}, "published": "2010-11-12T21:00:00", "title": "CVE-2010-2637", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2637"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:ibm:websphere_mq:6.0.2.1", "cpe:/a:ibm:websphere_mq:6.0.2.8", "cpe:/a:ibm:websphere_mq:6.0.2.10", "cpe:/a:ibm:websphere_mq:6.0.2.5", "cpe:/a:ibm:websphere_mq:6.0.1.1", "cpe:/a:ibm:websphere_mq:6.0", "cpe:/a:ibm:websphere_mq:7.0.0.2", "cpe:/a:ibm:websphere_mq:6.0.1.0", "cpe:/a:ibm:websphere_mq:7.0.1.0", "cpe:/a:ibm:websphere_mq:6.0.2.6", "cpe:/a:ibm:websphere_mq:6.0.2.7", "cpe:/a:ibm:websphere_mq:6.0.2.2", "cpe:/a:ibm:websphere_mq:7.0.0.1", "cpe:/a:ibm:websphere_mq:7.0", "cpe:/a:ibm:websphere_mq:6.0.2.0", "cpe:/a:ibm:websphere_mq:6.0.2.4", "cpe:/a:ibm:websphere_mq:6.0.2.3", "cpe:/a:ibm:websphere_mq:6.0.0.0"], "id": "CVE-2010-2637", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2637", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:websphere_mq:7.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:7.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:7.0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_mq:6.0.2.8:*:*:*:*:*:*:*"]}]}
