IBM WebSphere Portal Unspecified Information Disclosure (PI17768)

2014-11-12T00:00:00
ID WEBSPHERE_PORTAL_CVE-2014-3083.NASL
Type nessus
Reporter Tenable
Modified 2016-11-29T00:00:00

Description

The version of IBM WebSphere Portal on the remote host is affected by an unspecified information disclosure vulnerability which allows a remote attacker to gain access to sensitive information.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration block: when the scanner loads the script with
# 'description' set, it records the metadata below and exits without
# running any check logic (see the exit(0) at the end of the block).
if (description)
{
  script_id(79217);
  script_version("$Revision: 1.3 $");
  script_cvs_date("$Date: 2016/11/29 20:13:38 $");

  # Cross-references for correlating this finding with other advisory feeds.
  script_cve_id("CVE-2014-3083");
  script_bugtraq_id(69298);
  script_osvdb_id(110186);

  script_name(english:"IBM WebSphere Portal Unspecified Information Disclosure (PI17768)");
  # Per the summary, this is a version-based check; nothing in this file
  # attempts to reproduce the disclosure itself, so a finding means
  # "unpatched version detected", not "confirmed data exposure".
  script_summary(english:"Checks the IBM WebSphere Portal version.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has web portal software installed that is
affected by an information disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal on the remote host is affected by
an unspecified information disclosure vulnerability which allows a
remote attacker to gain access to sensitive information.");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21684652");
  # The commented URL below is presumably the target of the shortened
  # nessus.org link registered on the following line - confirm before relying on it.
  # https://www.ibm.com/blogs/psirt/ibm-security-bulletin-fixes-available-for-security-vulnerabilities-in-ibm-websphere-portal-cve-2014-3083-cve-2014-4761/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?79ba94e1");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch for WebSphere Portal from IBM's advisory.");
  # CVSS v2 base: network-reachable, low complexity, no authentication,
  # partial confidentiality impact only (no integrity or availability impact).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  # Temporal: exploitability not defined, official fix available, report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  # CVSS v3.0 equivalent: unauthenticated, no user interaction, low confidentiality impact.
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:X/RL:O/RC:C");
  # NOTE(review): exploit availability is asserted here although the temporal
  # vectors above leave exploitability undefined (E:ND / E:X) and the flaw is
  # described as "unspecified" - weigh this flag accordingly when prioritising.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Timeline: disclosure, vendor fix, and first release of this plugin.
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");

  # "local" plugin type: together with the SMB port requirement below, this
  # presumably means the check inspects the installation on the host (which
  # would need credentials) rather than probing the portal over HTTP - confirm.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  # Information-gathering category and Windows family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.");

  # Prerequisites: the detection plugin named here is a dependency, the
  # "installed_sw" KB key must be present, and ports 139/445 are required.
  # If those are not met the plugin presumably does not run, in which case
  # the absence of a finding says nothing about the host's patch state.
  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");
  script_require_ports(139, 445);

  exit(0);
}

include("websphere_portal_version.inc");

# Table of optional portlet components to inspect, keyed by display name.
# Each entry carries a file path ("File" or "Cell File") and the Portal
# version ranges it applies to ("WP Ranges"); some entries also carry a
# fixed version/build and the regexes used to pull those values out of the
# file. The table is handed to websphere_portal_check_version() at the end
# of the script; how each key is interpreted is defined in the included
# library, not in this file.
portlets = make_array();
# Each range is a single "low, high" string - presumably inclusive bounds
# on the Portal version; confirm against websphere_portal_version.inc.
wp_ranges =
  make_list("6.1.0.0, 6.1.0.6", "6.1.5.0, 6.1.5.3", "7.0.0.0, 7.0.0.2", "8.0.0.0, 8.0.0.1", "8.5.0.0, 8.5.0.0");

# Host is affected if 'pbjsr286inventoryexample.war' exists
# (presence-only entry: no fixed version or regex is defined, so the
# sample portlet being deployed is itself the finding).
# Paths start with a backslash and look relative to an install or profile
# root supplied by the library - TODO confirm the base directory.
paa = "JSR 286 Inventory";
portlets[paa]["File"] = "\..\PortalServer\ui\wp.propertybroker.jsr286invntry\pbjsr286inventoryexample.war";
portlets[paa]["WP Ranges"] = wp_ranges;

# Lotus Web Content Management Portlet
# Versioned entry: both a spec version and a build number are extracted
# from the component descriptor. Only the 7.0.0.x and 8.0.0.x Portal
# ranges are listed for this component.
paa = "IBM Lotus Web Content Management Multilingual Solution";
portlets[paa]["Fixed Version"] = "7.0.0.2";
portlets[paa]["Fixed Build"]   = "47.64";
portlets[paa]["File"]          = "\paa\wcm_mls\components\wcm_mls\version\wcmmls.component";
# Single-quoted NASL strings process escapes, so '\\.' reaches the regex
# engine as '\.' and '\\s' as '\s'.
portlets[paa]["Version Regex"] = 'spec-version="([0-9\\.]+)"\\s*/>';
portlets[paa]["Build Regex"]   = 'build-version="([0-9\\.]+)"';
portlets[paa]["WP Ranges"]     = make_list("7.0.0.0, 7.0.0.2", "8.0.0.0, 8.0.0.1");

# WebSphere Commerce Integrator
# Versioned entry with no build check; applies to every range in wp_ranges.
paa = "WebSphere Commerce Integrator";
portlets[paa]["Fixed Version"] = "8.0";
portlets[paa]["File"]          = "\paa\wcm.wcs.integrator.paa\components\wcm.wcs.integrator\version\wcm.wcs.integrator.component";
portlets[paa]["Version Regex"] = 'spec-version="([0-9\\.]+)"\\s*/>';
portlets[paa]["WP Ranges"]     = wp_ranges;

# IBM Sametime Proxy Contact List
# Uses "Cell File" instead of "File" - presumably resolved against the
# WebSphere cell's deployed-applications directory; confirm in the library.
paa = "IBM Sametime Proxy Contact List";
portlets[paa]["Fixed Version"] = "9.0";
portlets[paa]["Cell File"]     = "\PA_ContactList.ear\ContactList.war\WEB-INF\portlet.xml";
# Double-quoted NASL strings are taken literally, so the single backslashes
# here yield the same '\.' and '\s' regex tokens as the doubled backslashes
# in the single-quoted patterns above.
portlets[paa]["Version Regex"] = "<name>sametime\.proxy</name>\s*<value>([0-9.]+)</value>";
portlets[paa]["WP Ranges"]     = wp_ranges;

# Run the shared version check from websphere_portal_version.inc.
# 'checks' maps a "low, high, CF" string to a one-element list holding a
# comma-separated string of APAR identifiers - presumably a host inside the
# range is reported unless it is at the named cumulative fix level or has
# the listed interim fixes applied; confirm against the library.
# NOTE(review): the APAR named in the plugin title (PI17768) does not appear
# in any list below, and no entry covers the 8.0.0.x or 8.5.0.0 ranges that
# wp_ranges includes for the portlet table - verify both against IBM's
# bulletin before treating a clean result on those releases as "patched".
# Findings are reported at SECURITY_WARNING severity.
websphere_portal_check_version(
  checks:make_array(
    "7.0.0.0, 7.0.0.2, CF28", make_list("PI23130, PI23131, PI23136, PI23139, PI23143, PI23772"),
    "6.1.5.0, 6.1.5.3, CF27", make_list("PI23130, PI23136, PI23139, PI23143"),
    "6.1.0.0, 6.1.0.6, CF27", make_list("PI23130, PI23136, PI23139, PI23143")
  ),
  portlets:portlets,
  severity:SECURITY_WARNING
);