Lucene search
+L

IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure

🗓️ 16 Mar 2005 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 9 Views

IBM WebSphere Commerce may allow attackers to disclose private information via password resets.

Refs
Code
SourceLink
nessuswww.nessus.org/u
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(17337);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_bugtraq_id(12812);

  script_name(english:"IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure");
  script_summary(english:"Checks for remote information disclosure vulnerability in IBM WebSphere Application Server");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by an information disclosure issue.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of IBM WebSphere Commerce that
may allow an attacker to conduct a brute-force attack against users
who have recently had their passwords invalidated in WebSphere
Commerce and uncover private information.");
  # http://publib.boulder.ibm.com/infocenter/wchelp/v5r6/index.jsp?topic=/com.ibm.commerce.esupport.doc/html/WebSphere_Commerce_Business_Edition/swg24007797.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6c2e4505");
  script_set_attribute(attribute:"solution", value:
"Apply WebSphere Commerce 5.6.0.2 fix pack or later.  If you are
running WebSphere Commerce v5.5 contact IBM product support and
request APAR IY60949.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/09/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_commerce");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");

  script_dependencies("http_version.nasl");
  script_require_ports("Services/www", 80);
  script_require_keys("www/WebSphere");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:80);


# Due to the nature of this issue, we can only test based on the banner.
banner = get_http_banner(port:port);
if (
  banner &&
  egrep(string:banner, pattern:"^Server: WebSphere Application Server/([0-4]\..*|5\.([0-4]\..*|[56]\.0))")
) {
  # Check for the password reset form.
  foreach dir (make_list("", "/webapp")) {
    w = http_send_recv3(method:"GET", item:string(dir, "/commerce/servlet/emp/standard/passwordResetRequest.jsp"), port:port);
    if (isnull(w)) exit(0);
    res = w[2];

    # If it's available, there's a problem.
    if (tolower('name="logonId"') >< tolower(res)) {
      security_note(port);
      exit(0);
    }
  }
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation