Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310806825HistoryJan 19, 2016 - 12:00 a.m.
IBM Websphere Application Server Multiple Vulnerabilities-03 (Jan 2016)
2016-01-1900:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
10
9.4 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.4%
IBM Websphere application server is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ibm:websphere_application_server";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.806825");
script_version("2024-02-20T05:05:48+0000");
script_cve_id("CVE-2012-4850", "CVE-2012-4851");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2016-01-19 11:46:38 +0530 (Tue, 19 Jan 2016)");
script_tag(name:"qod_type", value:"remote_banner");
script_name("IBM Websphere Application Server Multiple Vulnerabilities-03 (Jan 2016)");
script_tag(name:"summary", value:"IBM Websphere application server is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws are due to
- when JAX-RS is used, does not properly validate requests
- improper validation of the URI");
script_tag(name:"impact", value:"Successful exploitation will allow
A remote attacker to gain cross-site scripting attack, and eleveated privileges
on the server caused by incorrect request validation.");
script_tag(name:"affected", value:"IBM WebSphere Application Server (WAS)
8.5 Liberty Profile before 8.5.0.1.");
script_tag(name:"solution", value:"Upgrade to IBM WebSphere Application
Server (WAS) version 8.5.0.1 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21614265");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/56460");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/56423");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web Servers");
script_dependencies("gb_ibm_websphere_detect.nasl");
script_mandatory_keys("ibm_websphere_application_server/installed");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))
exit(0);
if(version_is_equal(version:wasVer, test_version:"8.5.0.0"))
{
report = report_fixed_ver( installed_version:wasVer, fixed_version: "8.5.0.1" );
security_message(port:0, data:report);
exit(0);
}
exit(99);
Related
cve
cve
CVE-2012-4851
2012-11-14 12:30:00
CVE-2012-4850
2012-11-14 12:30:00
prion
prion
Cross site scripting
2012-11-14 12:30:00
Code injection
2012-11-14 12:30:00
seebug
seebug
IBM WebSphere Application Server 远程权限提升漏洞(CVE-2012-4850)
2012-11-19 00:00:00
nessus
nessus
IBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities
2012-11-20 00:00:00
ibm
ibm
9.4 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.4%
Related for OPENVAS:1361412562310806825