Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 Tenable Network Security, Inc.WEBSPHERE_PORTAL_8_0_0_1_CF15.NASL
HistoryApr 17, 2015 - 12:00 a.m.

IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities

2015-04-1700:00:00
This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.
www.tenable.com
27

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.4%

JSON

The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities :

  • A flaw exists in ‘Apache Commons HttpClient’ that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. (CVE-2012-6153)

  • A flaw exists in ‘Apache HttpComponents’ that allows a man-in-the-middle attacker to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. (CVE-2014-3577)

  • An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808)

  • A flaw exists due to improper recursion detection during entity expansion. A remote attacker, via a specially crafted XML document, can cause the system to crash, resulting in a denial of service. (CVE-2014-4814)

  • An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes.
    (CVE-2014-4821)

  • A cross-site scripting vulnerability exists in the ‘Preview’ plugin in CKEditor, which allows a remote attacker to inject arbitrary data via unspecified vectors. (CVE-2014-5191)

  • A cross-site scripting vulnerability exists that allows an attacker to inject arbitrary web script or HTML via a specially crafted URL. (CVE-2014-6171)

  • A flaw exists when the Managed Pages setting is enabled that allows a remote, authenticated attacker to write to pages via an XML injection attack. (CVE-2014-6193)

  • A cross-site scripting vulnerability exists in the Blog Portlet, which allows an attacker to inject arbitrary data via a specially crafted URL. (CVE-2014-8902)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(82850);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id(
    "CVE-2012-6153",
    "CVE-2014-3577",
    "CVE-2014-4808",
    "CVE-2014-4814",
    "CVE-2014-4821",
    "CVE-2014-5191",
    "CVE-2014-6171",
    "CVE-2014-6193",
    "CVE-2014-8902"
  );
  script_bugtraq_id(
    69161,
    69257,
    69258,
    70755,
    70757,
    70758
  );

  script_name(english:"IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities");
  script_summary(english:"Checks for the installed patch.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has web portal software installed that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote host is
8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple
vulnerabilities :

  - A flaw exists in 'Apache Commons HttpClient' that allows
    a man-in-the-middle attacker to spoof SSL servers via a
    certificate with a subject that specifies a common name
    in a field that is not the CN field. (CVE-2012-6153)

  - A flaw exists in 'Apache HttpComponents' that allows a
    man-in-the-middle attacker to spoof SSL servers via a
    certificate with a subject that specifies a common name
    in a field that is not the CN field. (CVE-2014-3577)

  - An unspecified vulnerability exists that allows an
    authenticated attacker to execute arbitrary code on the
    system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during
    entity expansion. A remote attacker, via a specially
    crafted XML document, can cause the system to crash,
    resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that
    allows a remote attacker to identify whether or not a
    file exists based on the web server error codes.
    (CVE-2014-4821)

  - A cross-site scripting vulnerability exists in the
    'Preview' plugin in CKEditor, which allows a remote
    attacker to inject arbitrary data via unspecified
    vectors. (CVE-2014-5191)

  - A cross-site scripting vulnerability exists that allows
    an attacker to inject arbitrary web script or HTML via a
    specially crafted URL. (CVE-2014-6171)

  - A flaw exists when the Managed Pages setting is enabled
    that allows a remote, authenticated attacker to write to
    pages via an XML injection attack. (CVE-2014-6193)

  - A cross-site scripting vulnerability exists in the Blog
    Portlet, which allows an attacker to inject arbitrary
    data via a specially crafted URL. (CVE-2014-8902)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24034497#WP15");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Portal 8.0.0.1 Cumulative Fix 15 (CF15) or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list("8.0.0.0, 8.0.0.1"),
  fix:"CF15",
  severity:SECURITY_WARNING,
  xss:TRUE
);
VendorProductVersionCPE
ibmwebsphere_portalcpe:/a:ibm:websphere_portal

Related

openvas 18
ibm 41
nessus 33
freebsd 2
redhat 16
fedora 4
securityvulns 5
mageia 2
amazon 1
debian 1
f5 5
ubuntucve 5
osv 7
cve 11
ubuntu 1
cvelist 11
prion 11
nvd 11
veracode 3
debiancve 2
centos 2
oraclelinux 2
github 4
redhatcve 1
openvas
openvas
RedHat Update for jakarta-commons-httpclient RHSA-2014:1166-01
2014-09-09 00:00:00
CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos7
2014-09-10 00:00:00
Fedora Update for httpcomponents-client FEDORA-2014-9629
2014-08-31 00:00:00
ibm
ibm
Security Bulletin: Apache HTTPComponents vulnerabilities in WebSphere Application Server (CVE-2012-6153, CVE-2014-3577)
2018-06-15 07:03:46
Security Bulletin: Apache HttpComponents vulnerable to spoofing attacks are affecting Case Manager Client (CVE-2012-6153, CVE-2014-3577)
2018-06-17 12:12:04
Security Bulletin: Public disclosed vulnerabilities from Apache HttpComponents affects IBM Spectrum LSF
2019-03-01 14:10:02
nessus
nessus
RHEL 5 / 6 : JBoss EAP (RHSA-2014:1834)
2014-11-12 00:00:00
RHEL 5 / 6 : JBoss EWP (RHSA-2014:1833)
2014-11-12 00:00:00
FreeBSD : Axis2 -- Security vulnerabilities on dependency Apache HttpClient (ac18046c-9b08-11e6-8011-005056925db4)
2016-10-31 00:00:00
freebsd
freebsd
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
2012-12-06 00:00:00
jenkins -- Jenkins core bundles vulnerable version of the commons-httpclient library
2021-10-06 00:00:00
redhat
redhat
(RHSA-2014:1834) Important: Red Hat JBoss Enterprise Application Platform 5.2.0 security update
2014-11-10 00:00:00
(RHSA-2014:1892) Important: Red Hat JBoss BPM Suite 6.0.3 update
2014-11-24 20:44:18
(RHSA-2014:1082) Important: thermostat1-httpcomponents-client security update
2014-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: httpcomponents-client-4.2.5-4.fc19
2014-08-30 03:57:30
[SECURITY] Fedora 20 Update: httpcomponents-client-4.2.5-4.fc20
2014-08-30 03:58:27
[SECURITY] Fedora 19 Update: jakarta-commons-httpclient-3.1-15.fc19
2014-08-27 01:28:57
securityvulns
securityvulns
CVE-2014-3577: Apache HttpComponents client: Hostname verification susceptible to MITM attack
2014-08-18 00:00:00
[USN-2769-1] Apache Commons HttpClient
2015-10-25 00:00:00
[ MDVSA-2014:170 ] jakarta-commons-httpclient
2014-10-15 00:00:00
mageia
mageia
Updated Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerabilities
2014-08-25 12:44:11
Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability
2014-08-25 12:44:11
amazon
amazon
Important: jakarta-commons-httpclient
2014-09-17 21:47:00
debian
debian
[SECURITY] [DLA 222-1] commons-httpclient security update
2015-05-19 15:18:39
f5
f5
SOL15364328 - Apache vulnerabilities CVE-2012-5783, CVE-2012-6153, and CVE-2014-3577
2016-02-02 00:00:00
K15737 : Apache vulnerability CVE-2014-3577
2014-10-23 00:00:00
SOL15737 - Apache vulnerability CVE-2014-3577
2014-10-23 00:00:00
ubuntucve
ubuntucve
CVE-2012-5783
2012-11-04 00:00:00
CVE-2014-5191
2014-08-07 00:00:00
CVE-2014-3577
2014-08-21 00:00:00
osv
osv
commons-httpclient - security update
2015-05-19 00:00:00
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
2018-10-17 00:05:06
Improper certificate validation in org.apache.httpcomponents:httpclient
2018-10-17 00:05:15
cve
cve
CVE-2014-8902
2014-12-19 02:59:06
CVE-2014-6193
2014-12-19 02:59:03
CVE-2014-4808
2014-10-28 19:55:02
ubuntu
ubuntu
Apache Commons HttpClient vulnerabilities
2015-10-14 00:00:00
cvelist
cvelist
CVE-2014-6193
2014-12-19 02:00:00
CVE-2014-8902
2014-12-19 02:00:00
CVE-2014-4821
2014-10-28 19:00:00
prion
prion
Cross site scripting
2014-12-19 02:59:00
Code injection
2014-10-28 19:55:00
Design/Logic Flaw
2014-12-19 02:59:00
nvd
nvd
CVE-2014-8902
2014-12-19 02:59:06
CVE-2014-6171
2014-12-19 02:59:01
CVE-2014-6193
2014-12-19 02:59:03
veracode
veracode
Cross-Site Scripting (XSS)
2015-02-11 16:10:59
Improper Certificate Common Name Verification Allows Spoofing SSL Servers
2019-01-15 09:00:42
Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers
2019-01-15 08:59:46
debiancve
debiancve
CVE-2014-5191
2014-08-07 11:13:37
CVE-2014-3577
2014-08-21 14:55:05
centos
centos
jakarta security update
2014-09-08 16:54:16
httpcomponents security update
2014-09-03 23:09:02
oraclelinux
oraclelinux
httpcomponents-client security update
2014-09-03 00:00:00
jakarta-commons-httpclient security update
2014-09-08 00:00:00
github
github
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
2018-10-17 00:05:06
Improper Certificate Validation in Jenkins
2022-05-14 01:04:35
MitM on Jenkins Maven Plugin
2022-05-14 03:45:43
redhatcve
redhatcve
CVE-2017-1000396
2017-11-21 11:21:17

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.4%

JSON
Related for WEBSPHERE_PORTAL_8_0_0_1_CF15.NASL
openvas18ibm41nessus33freebsd2redhat16fedora4securityvulns5mageia2amazon1debian1f55ubuntucve5osv7cve11ubuntu1cvelist11prion11nvd11veracode3debiancve2centos2oraclelinux2github4redhatcve1