Search...

IBM Websphere Application Server Multiple Vulnerabilities -05 Jan16

2016-01-19T00:00:00

ID OPENVAS:1361412562310806829
Type openvas
Reporter Copyright (C) 2016 Greenbone Networks GmbH
Modified 2019-02-21T00:00:00

Description

This host is installed with IBM Websphere application server and is prone to multiple vulnerabilities.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ibm_websphere_mult_vuln05_jan16.nasl 13803 2019-02-21 08:24:24Z cfischer $
#
# IBM Websphere Application Server Multiple Vulnerabilities -05 Jan16
#
# Authors:
# Kashinath T &lt;tkashinath@secpod.com&gt;
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:ibm:websphere_application_server";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.806829");
  script_version("$Revision: 13803 $");
  script_cve_id("CVE-2013-6323", "CVE-2014-0859");
  script_bugtraq_id(67720, 67335);
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"last_modification", value:"$Date: 2019-02-21 09:24:24 +0100 (Thu, 21 Feb 2019) $");
  script_tag(name:"creation_date", value:"2016-01-19 13:56:59 +0530 (Tue, 19 Jan 2016)");
  script_tag(name:"qod_type", value:"remote_banner");
  script_name("IBM Websphere Application Server Multiple Vulnerabilities -05 Jan16");

  script_tag(name:"summary", value:"This host is installed with IBM Websphere
  application server and is prone to multiple vulnerabilities.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws are due to

  - insufficient validation of user supplied input by Administration Console.

  - An error in web server plugin when is configured to retry failed POST
    requests.");

  script_tag(name:"impact", value:"Successful exploitation will allow
  remote attackers to inject arbitrary web script or HTML and also to cause a
  denial of service (daemon crash).");

  script_tag(name:"affected", value:"IBM WebSphere Application Server (WAS)
  7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2");

  script_tag(name:"solution", value:"Upgrade to IBM WebSphere Application
  Server (WAS) version 7.0.0.33 or 8.0.0.9 or 8.5.5.2 or later.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21669554");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
  script_family("Web Servers");
  script_dependencies("gb_ibm_websphere_detect.nasl");
  script_mandatory_keys("ibm_websphere_application_server/installed");

  script_xref(name:"URL", value:"http://www-03.ibm.com/software/products/en/appserv-was");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))
  exit(0);

if(version_in_range(version:wasVer, test_version:"7.0", test_version2:"7.0.0.32"))
{
  fix = "7.0.0.33";
  VULN = TRUE;
}

else if(version_in_range(version:wasVer, test_version:"8.0", test_version2:"8.0.0.8"))
{
  fix = "8.0.0.9";
  VULN = TRUE;
}

else if(version_in_range(version:wasVer, test_version:"8.5", test_version2:"8.5.5.1"))
{
  fix = "8.5.5.2";
  VULN = TRUE;
}

if(VULN)
{
  report = report_fixed_ver(installed_version:wasVer, fixed_version:fix);
  security_message(port:0, data:report);
  exit(0);
}

exit(99);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310806829", "type": "openvas", "bulletinFamily": "scanner", "title": "IBM Websphere Application Server Multiple Vulnerabilities -05 Jan16", "description": "This host is installed with IBM Websphere\n application server and is prone to multiple vulnerabilities.", "published": "2016-01-19T00:00:00", "modified": "2019-02-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806829", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://www-03.ibm.com/software/products/en/appserv-was", "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"], "cvelist": ["CVE-2014-0859", "CVE-2013-6323"], "lastseen": "2019-05-29T18:35:31", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-6323", "CVE-2014-0859"]}, {"type": "nessus", "idList": ["WEBSPHERE_8_5_5_2.NASL", "WEBSPHERE_8_0_0_9.NASL", "WEBSPHERE_7_0_0_33.NASL"]}], "modified": "2019-05-29T18:35:31", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2019-05-29T18:35:31", "rev": 2}, "vulnersScore": 6.7}, "pluginID": "1361412562310806829", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_websphere_mult_vuln05_jan16.nasl 13803 2019-02-21 08:24:24Z cfischer $\n#\n# IBM Websphere Application Server Multiple Vulnerabilities -05 Jan16\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ibm:websphere_application_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806829\");\n script_version(\"$Revision: 13803 $\");\n script_cve_id(\"CVE-2013-6323\", \"CVE-2014-0859\");\n script_bugtraq_id(67720, 67335);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-21 09:24:24 +0100 (Thu, 21 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-19 13:56:59 +0530 (Tue, 19 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"IBM Websphere Application Server Multiple Vulnerabilities -05 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is installed with IBM Websphere\n application server and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - insufficient validation of user supplied input by Administration Console.\n\n - An error in web server plugin when is configured to retry failed POST\n requests.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to inject arbitrary web script or HTML and also to cause a\n denial of service (daemon crash).\");\n\n script_tag(name:\"affected\", value:\"IBM WebSphere Application Server (WAS)\n 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to IBM WebSphere Application\n Server (WAS) version 7.0.0.33 or 8.0.0.9 or 8.5.5.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21669554\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_ibm_websphere_detect.nasl\");\n script_mandatory_keys(\"ibm_websphere_application_server/installed\");\n\n script_xref(name:\"URL\", value:\"http://www-03.ibm.com/software/products/en/appserv-was\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))\n exit(0);\n\nif(version_in_range(version:wasVer, test_version:\"7.0\", test_version2:\"7.0.0.32\"))\n{\n fix = \"7.0.0.33\";\n VULN = TRUE;\n}\n\nelse if(version_in_range(version:wasVer, test_version:\"8.0\", test_version2:\"8.0.0.8\"))\n{\n fix = \"8.0.0.9\";\n VULN = TRUE;\n}\n\nelse if(version_in_range(version:wasVer, test_version:\"8.5\", test_version2:\"8.5.5.1\"))\n{\n fix = \"8.5.5.2\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:wasVer, fixed_version:fix);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web Servers", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T06:06:59", "description": "Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.", "edition": 4, "cvss3": {}, "published": "2014-05-01T17:29:00", "title": "CVE-2013-6323", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6323"], "modified": "2017-08-29T01:33:00", "cpe": ["cpe:/a:ibm:websphere_application_server:7.0.0.8", "cpe:/a:ibm:websphere_application_server:7.0.0.3", "cpe:/a:ibm:websphere_application_server:7.0.0.12", "cpe:/a:ibm:websphere_application_server:8.5.5.1", "cpe:/a:ibm:websphere_application_server:8.5.0.0", "cpe:/a:ibm:websphere_application_server:7.0", "cpe:/a:ibm:websphere_application_server:8.0.0.7", "cpe:/a:ibm:websphere_application_server:7.0.0.7", "cpe:/a:ibm:websphere_application_server:7.0.0.9", "cpe:/a:ibm:websphere_application_server:7.0.0.25", "cpe:/a:ibm:websphere_application_server:8.5.5.0", "cpe:/a:ibm:websphere_application_server:8.5.0.1", "cpe:/a:ibm:websphere_application_server:8.0.0.3", "cpe:/a:ibm:websphere_application_server:7.0.0.16", "cpe:/a:ibm:websphere_application_server:7.0.0.31", "cpe:/a:ibm:websphere_virtual_enterprise:7.0", "cpe:/a:ibm:websphere_application_server:7.0.0.11", "cpe:/a:ibm:websphere_application_server:8.0.0.5", "cpe:/a:ibm:websphere_application_server:7.0.0.18", "cpe:/a:ibm:websphere_application_server:7.0.0.24", "cpe:/a:ibm:websphere_application_server:7.0.0.19", "cpe:/a:ibm:websphere_application_server:7.0.0.10", "cpe:/a:ibm:websphere_application_server:8.0.0.2", "cpe:/a:ibm:websphere_application_server:8.0.0.8", "cpe:/a:ibm:websphere_application_server:7.0.0.21", "cpe:/a:ibm:websphere_application_server:7.0.0.23", "cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.4", "cpe:/a:ibm:websphere_application_server:7.0.0.2", "cpe:/a:ibm:websphere_application_server:7.0.0.29", "cpe:/a:ibm:websphere_application_server:7.0.0.15", "cpe:/a:ibm:websphere_application_server:7.0.0.27", "cpe:/a:ibm:websphere_application_server:7.0.0.22", "cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.3", "cpe:/a:ibm:websphere_application_server:8.0.0.0", "cpe:/a:ibm:websphere_application_server:7.0.0.5", "cpe:/a:ibm:websphere_application_server:7.0.0.1", "cpe:/a:ibm:websphere_application_server:8.0.0.6", "cpe:/a:ibm:websphere_application_server:8.5.0.2", "cpe:/a:ibm:websphere_application_server:7.0.0.14", "cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.2", "cpe:/a:ibm:websphere_application_server:8.0.0.4", "cpe:/a:ibm:websphere_application_server:7.0.0.17", "cpe:/a:ibm:websphere_virtual_enterprise:7.0.0.1", "cpe:/a:ibm:websphere_application_server:7.0.0.4", "cpe:/a:ibm:websphere_application_server:8.0.0.1", "cpe:/a:ibm:websphere_application_server:7.0.0.6", "cpe:/a:ibm:websphere_application_server:7.0.0.13"], "id": "CVE-2013-6323", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6323", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_virtual_enterprise:7.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:25", "description": "The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.", "edition": 4, "cvss3": {}, "published": "2014-05-01T17:29:00", "title": "CVE-2014-0859", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0859"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:ibm:websphere_application_server:7.0.0.8", "cpe:/a:ibm:websphere_application_server:7.0.0.3", "cpe:/a:ibm:websphere_application_server:7.0.0.12", "cpe:/a:ibm:websphere_application_server:8.5.5.1", "cpe:/a:ibm:websphere_application_server:8.5.0.0", "cpe:/a:ibm:websphere_application_server:7.0", "cpe:/a:ibm:websphere_application_server:8.0.0.7", "cpe:/a:ibm:websphere_application_server:7.0.0.7", "cpe:/a:ibm:websphere_application_server:7.0.0.9", "cpe:/a:ibm:websphere_application_server:7.0.0.25", "cpe:/a:ibm:websphere_application_server:8.5.5.0", "cpe:/a:ibm:websphere_application_server:8.5.0.1", "cpe:/a:ibm:websphere_application_server:8.0.0.3", "cpe:/a:ibm:websphere_application_server:7.0.0.16", "cpe:/a:ibm:websphere_application_server:7.0.0.31", "cpe:/a:ibm:websphere_application_server:7.0.0.11", "cpe:/a:ibm:websphere_application_server:8.0.0.5", "cpe:/a:ibm:websphere_application_server:7.0.0.18", "cpe:/a:ibm:websphere_application_server:7.0.0.24", "cpe:/a:ibm:websphere_application_server:7.0.0.19", "cpe:/a:ibm:websphere_application_server:7.0.0.10", "cpe:/a:ibm:websphere_application_server:8.0.0.2", "cpe:/a:ibm:websphere_application_server:8.0.0.8", "cpe:/a:ibm:websphere_application_server:7.0.0.21", "cpe:/a:ibm:websphere_application_server:7.0.0.23", "cpe:/a:ibm:websphere_application_server:7.0.0.2", "cpe:/a:ibm:websphere_application_server:7.0.0.29", "cpe:/a:ibm:websphere_application_server:7.0.0.15", "cpe:/a:ibm:websphere_application_server:7.0.0.27", "cpe:/a:ibm:websphere_application_server:7.0.0.22", "cpe:/a:ibm:websphere_application_server:8.0.0.0", "cpe:/a:ibm:websphere_application_server:7.0.0.5", "cpe:/a:ibm:websphere_application_server:7.0.0.1", "cpe:/a:ibm:websphere_application_server:8.0.0.6", "cpe:/a:ibm:websphere_application_server:8.5.0.2", "cpe:/a:ibm:websphere_application_server:7.0.0.14", "cpe:/a:ibm:websphere_application_server:8.0.0.4", "cpe:/a:ibm:websphere_application_server:7.0.0.17", "cpe:/a:ibm:websphere_application_server:7.0.0.4", "cpe:/a:ibm:websphere_application_server:8.0.0.1", "cpe:/a:ibm:websphere_application_server:7.0.0.6", "cpe:/a:ibm:websphere_application_server:7.0.0.13"], "id": "CVE-2014-0859", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0859", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-04-01T07:45:33", "description": "IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running\non the remote host. It is, therefore, affected by the following\nvulnerabilities :\n\n - A cross-site scripting flaw exists within the\n Administration Console, where user input is improperly\n validated. This could allow a remote attacker, with a\n specially crafted request, to execute arbitrary script\n code within the browser / server trust relationship.\n (CVE-2013-6323, PI04777 and PI04880)\n\n - A denial of service flaw exists within the Global\n Security Kit when handling SSLv2 resumption during the\n SSL/TLS handshake. This could allow a remote attacker\n to crash the program. (CVE-2013-6329, PI05309)\n\n - A buffer overflow flaw exists in the HTTP server with\n the mod_dav module when using add-ons. This could allow\n a remote attacker to cause a buffer overflow and a\n denial of service. (CVE-2013-6438, PI09345)\n\n - A cross-site scripting flaw exists within OAuth where\n user input is not properly validated. This could allow\n a remote attacker, with a specially crafted request, to\n execute arbitrary script code within the browser /\n server trust relationship. (CVE-2013-6738, PI05661)\n\n - A denial of service flaw exists within the Global\n Security Kit when handling X.509 certificate chain\n during the initiation of an SSL/TLS connection. A remote\n attacker, using a malformed certificate chain, could\n cause the client or server to crash by hanging the\n Global Security Kit. (CVE-2013-6747, PI09443)\n\n - A denial of service flaw exists within the Apache\n Commons FileUpload when parsing a content-type header\n for a multipart request. A remote attacker, using a\n specially crafted request, could crash the program.\n (CVE-2014-0050, PI12648, PI12926 and PI13162)\n\n - A denial of service flaw exists in the 'mod_log_config'\n when logging a cookie with an unassigned value. A remote\n attacker, using a specially crafted request, can cause\n the program to crash. (CVE-2014-0098, PI13028)\n\n - A remote code execution flaw exists with Apache Struts.\n The failure to restrict setting of Class loader\n attributes could allow a remote attacker to\n execute arbitrary script code. (CVE-2014-0114, PI17190)\n\n - An information disclosure flaw exists in the\n 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding.\n This many allow a remote attacker to gain timing\n information intended to be protected by encryption.\n (CVE-2014-0453)\n\n - A flaw exists within 'com.sun.jndi.dns.DnsClient'\n related to the randomization of query IDs. This could \n allow a remote attacker to conduct spoofing attacks.\n (CVE-2014-0460)\n\n - A denial of service flaw exists in a web server plugin\n on servers configured to retry failed POST request. This\n could allow a remote attacker to crash the application.\n (CVE-2014-0859, PI08892)\n\n - A flaw exists with the 'IBMJCE' and 'IBMSecureRandom'\n cryptographic providers by generating numbers in a\n predictable manner. This could allow a remote attacker\n to easily guess the output of the random number\n generator. (CVE-2014-0878)\n\n - An information disclosure flaw exists within Proxy and\n ODR servers. This could allow a remote attacker, using a\n specially crafted request, to gain access to potentially\n sensitive information. (CVE-2014-0891, PI09786)\n\n - A denial of service flaw exists within the IBM Security\n Access Manager for Web with the Reverse Proxy component.\n This could allow a remote attacker, using specially\n crafted TLS traffic, to cause the application on the\n system to become unresponsive. (CVE-2014-0963, PI17025)\n\n - An information disclosure flaw exists when handling SOAP\n responses. This could allow a remote attacker to\n potentially gain access to sensitive information.\n (CVE-2014-0965, PI11434)\n\n - An information disclosure flaw exists. A remote\n attacker, using a specially crafted URL, could gain\n access to potentially sensitive information.\n (CVE-2014-3022, PI09594)", "edition": 29, "published": "2014-08-01T00:00:00", "title": "IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0963", "CVE-2014-0859", "CVE-2014-0965", "CVE-2014-0453", "CVE-2014-0098", "CVE-2014-0878", "CVE-2013-6438", "CVE-2013-6323", "CVE-2014-0114", "CVE-2014-0050", "CVE-2013-6329", "CVE-2014-0460", "CVE-2014-0891", "CVE-2014-3022", "CVE-2013-6747", "CVE-2013-6738"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_7_0_0_33.NASL", "href": "https://www.tenable.com/plugins/nessus/76967", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76967);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2013-6323\",\n \"CVE-2013-6329\",\n \"CVE-2013-6438\",\n \"CVE-2013-6738\",\n \"CVE-2013-6747\",\n \"CVE-2014-0050\",\n \"CVE-2014-0098\",\n \"CVE-2014-0114\",\n \"CVE-2014-0453\",\n \"CVE-2014-0460\",\n \"CVE-2014-0859\",\n \"CVE-2014-0878\",\n \"CVE-2014-0891\",\n \"CVE-2014-0963\",\n \"CVE-2014-0965\",\n \"CVE-2014-3022\"\n );\n script_bugtraq_id(\n 64249,\n 65156,\n 65400,\n 66303,\n 66914,\n 66916,\n 67051,\n 67121,\n 67238,\n 67335,\n 67579,\n 67601,\n 67720,\n 68210,\n 68211\n );\n\n script_name(english:\"IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running\non the remote host. It is, therefore, affected by the following\nvulnerabilities :\n\n - A cross-site scripting flaw exists within the\n Administration Console, where user input is improperly\n validated. This could allow a remote attacker, with a\n specially crafted request, to execute arbitrary script\n code within the browser / server trust relationship.\n (CVE-2013-6323, PI04777 and PI04880)\n\n - A denial of service flaw exists within the Global\n Security Kit when handling SSLv2 resumption during the\n SSL/TLS handshake. This could allow a remote attacker\n to crash the program. (CVE-2013-6329, PI05309)\n\n - A buffer overflow flaw exists in the HTTP server with\n the mod_dav module when using add-ons. This could allow\n a remote attacker to cause a buffer overflow and a\n denial of service. (CVE-2013-6438, PI09345)\n\n - A cross-site scripting flaw exists within OAuth where\n user input is not properly validated. This could allow\n a remote attacker, with a specially crafted request, to\n execute arbitrary script code within the browser /\n server trust relationship. (CVE-2013-6738, PI05661)\n\n - A denial of service flaw exists within the Global\n Security Kit when handling X.509 certificate chain\n during the initiation of an SSL/TLS connection. A remote\n attacker, using a malformed certificate chain, could\n cause the client or server to crash by hanging the\n Global Security Kit. (CVE-2013-6747, PI09443)\n\n - A denial of service flaw exists within the Apache\n Commons FileUpload when parsing a content-type header\n for a multipart request. A remote attacker, using a\n specially crafted request, could crash the program.\n (CVE-2014-0050, PI12648, PI12926 and PI13162)\n\n - A denial of service flaw exists in the 'mod_log_config'\n when logging a cookie with an unassigned value. A remote\n attacker, using a specially crafted request, can cause\n the program to crash. (CVE-2014-0098, PI13028)\n\n - A remote code execution flaw exists with Apache Struts.\n The failure to restrict setting of Class loader\n attributes could allow a remote attacker to\n execute arbitrary script code. (CVE-2014-0114, PI17190)\n\n - An information disclosure flaw exists in the\n 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding.\n This many allow a remote attacker to gain timing\n information intended to be protected by encryption.\n (CVE-2014-0453)\n\n - A flaw exists within 'com.sun.jndi.dns.DnsClient'\n related to the randomization of query IDs. This could \n allow a remote attacker to conduct spoofing attacks.\n (CVE-2014-0460)\n\n - A denial of service flaw exists in a web server plugin\n on servers configured to retry failed POST request. This\n could allow a remote attacker to crash the application.\n (CVE-2014-0859, PI08892)\n\n - A flaw exists with the 'IBMJCE' and 'IBMSecureRandom'\n cryptographic providers by generating numbers in a\n predictable manner. This could allow a remote attacker\n to easily guess the output of the random number\n generator. (CVE-2014-0878)\n\n - An information disclosure flaw exists within Proxy and\n ODR servers. This could allow a remote attacker, using a\n specially crafted request, to gain access to potentially\n sensitive information. (CVE-2014-0891, PI09786)\n\n - A denial of service flaw exists within the IBM Security\n Access Manager for Web with the Reverse Proxy component.\n This could allow a remote attacker, using specially\n crafted TLS traffic, to cause the application on the\n system to become unresponsive. (CVE-2014-0963, PI17025)\n\n - An information disclosure flaw exists when handling SOAP\n responses. This could allow a remote attacker to\n potentially gain access to sensitive information.\n (CVE-2014-0965, PI11434)\n\n - An information disclosure flaw exists. A remote\n attacker, using a specially crafted URL, could gain\n access to potentially sensitive information.\n (CVE-2014-3022, PI09594)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21676091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21659548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21663941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21667254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21667526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21672843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21672316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21673013\");\n script_set_attribute(attribute:\"solution\", value:\n\"If using WebSphere Application Server, apply Fix Pack 33 (7.0.0.33) or\nlater.\n\nOtherwise, if using embedded WebSphere Application Server packaged\nwith Tivoli Directory Server, apply the latest recommended eWAS fix\npack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0114\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_keys(\"www/WebSphere\");\n script_require_ports(\"Services/www\", 8880, 8881);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:0);\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nif (version !~ \"^7\\.0([^0-9]|$)\") audit(AUDIT_NOT_LISTEN, \"IBM WebSphere Application Server 7.0\", port);\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"IBM WebSphere Application Server\", port, version);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 33)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.0.0.33' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"IBM WebSphere Application Server\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T07:45:39", "description": "IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.2 appears\nto be running on the remote host and is, therefore, potentially\naffected by the following vulnerabilities :\n\n - Numerous errors exist related to the included IBM SDK\n for Java (based on the Oracle JDK) that could allow\n denial of service attacks and information disclosure.\n (CVE-2013-5372, CVE-2013-5780, CVE-2013-5803)\n\n - User input validation errors exist related to the\n Administrative console and the Oauth component that\n could allow cross-site scripting attacks.\n (CVE-2013-6725 / PM98132, CVE-2013-6323 / PI04777,\n CVE-2013-6738 / PI05661)\n\n - An error exists due to a failure to properly\n handle by web services endpoint requests that\n could allow denial of service attacks.\n (CVE-2013-6325 / PM99450, PI08267)\n\n - An error exists in the included IBM Global Security\n Kit related to SSL handling that could allow denial\n of service attacks. (CVE-2013-6329 / PI05309)\n\n - A flaw exists with the 'mod_dav' module that is caused\n when tracking the length of CDATA that has leading\n white space. A remote attacker with a specially crafted\n DAV WRITE request can cause the service to stop\n responding. (CVE-2013-6438 / PI09345)\n\n - An error exists in the included IBM Global Security\n Kit related to malformed X.509 certificate chain\n handling that could allow denial of service attacks.\n (CVE-2013-6747 / PI09443)\n\n - An error exists in the included Apache Tomcat version\n related to handling 'Content-Type' HTTP headers and\n multipart requests such as file uploads that could\n allow denial of service attacks. (CVE-2014-0050 /\n PI12648, PI12926)\n\n - An unspecified error exists that could allow file\n disclosures to remote unauthenticated attackers.\n (CVE-2014-0823 / PI05324)\n\n - An unspecified error exists related to the\n Administrative console that could allow a security\n bypass. (CVE-2014-0857 / PI07808)\n\n - An error exists related to a web server plugin and\n retrying failed POST requests that could allow denial\n of service attacks. (CVE-2014-0859 / PI08892)\n\n - An error exists related to the Proxy and ODR components\n that could allow information disclosure. (CVE-2014-0891\n / PI09786)\n\n - An unspecified error exists related to the 'Liberty\n Profile' that could allow information disclosure.\n (CVE-2014-0896 / PI10134)", "edition": 28, "published": "2014-05-29T00:00:00", "title": "IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6325", "CVE-2014-0823", "CVE-2014-0859", "CVE-2014-0857", "CVE-2014-0896", "CVE-2013-5372", "CVE-2013-6438", "CVE-2013-6323", "CVE-2014-0050", "CVE-2013-6329", "CVE-2013-5780", "CVE-2014-0891", "CVE-2013-6725", "CVE-2013-5803", "CVE-2013-6747", "CVE-2013-6738"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_8_5_5_2.NASL", "href": "https://www.tenable.com/plugins/nessus/74235", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74235);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2013-5372\",\n \"CVE-2013-5780\",\n \"CVE-2013-5803\",\n \"CVE-2013-6323\",\n \"CVE-2013-6325\",\n \"CVE-2013-6329\",\n \"CVE-2013-6438\",\n \"CVE-2013-6725\",\n \"CVE-2013-6738\",\n \"CVE-2013-6747\",\n \"CVE-2014-0050\",\n \"CVE-2014-0823\",\n \"CVE-2014-0857\",\n \"CVE-2014-0859\",\n \"CVE-2014-0891\",\n \"CVE-2014-0896\"\n );\n script_bugtraq_id(\n 63082,\n 63115,\n 63224,\n 64249,\n 65096,\n 65099,\n 65156,\n 65400,\n 66303,\n 67051,\n 67327,\n 67328,\n 67329,\n 67335,\n 67579,\n 67720\n );\n\n script_name(english:\"IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server may be affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.2 appears\nto be running on the remote host and is, therefore, potentially\naffected by the following vulnerabilities :\n\n - Numerous errors exist related to the included IBM SDK\n for Java (based on the Oracle JDK) that could allow\n denial of service attacks and information disclosure.\n (CVE-2013-5372, CVE-2013-5780, CVE-2013-5803)\n\n - User input validation errors exist related to the\n Administrative console and the Oauth component that\n could allow cross-site scripting attacks.\n (CVE-2013-6725 / PM98132, CVE-2013-6323 / PI04777,\n CVE-2013-6738 / PI05661)\n\n - An error exists due to a failure to properly\n handle by web services endpoint requests that\n could allow denial of service attacks.\n (CVE-2013-6325 / PM99450, PI08267)\n\n - An error exists in the included IBM Global Security\n Kit related to SSL handling that could allow denial\n of service attacks. (CVE-2013-6329 / PI05309)\n\n - A flaw exists with the 'mod_dav' module that is caused\n when tracking the length of CDATA that has leading\n white space. A remote attacker with a specially crafted\n DAV WRITE request can cause the service to stop\n responding. (CVE-2013-6438 / PI09345)\n\n - An error exists in the included IBM Global Security\n Kit related to malformed X.509 certificate chain\n handling that could allow denial of service attacks.\n (CVE-2013-6747 / PI09443)\n\n - An error exists in the included Apache Tomcat version\n related to handling 'Content-Type' HTTP headers and\n multipart requests such as file uploads that could\n allow denial of service attacks. (CVE-2014-0050 /\n PI12648, PI12926)\n\n - An unspecified error exists that could allow file\n disclosures to remote unauthenticated attackers.\n (CVE-2014-0823 / PI05324)\n\n - An unspecified error exists related to the\n Administrative console that could allow a security\n bypass. (CVE-2014-0857 / PI07808)\n\n - An error exists related to a web server plugin and\n retrying failed POST requests that could allow denial\n of service attacks. (CVE-2014-0859 / PI08892)\n\n - An error exists related to the Proxy and ODR components\n that could allow information disclosure. (CVE-2014-0891\n / PI09786)\n\n - An unspecified error exists related to the 'Liberty\n Profile' that could allow information disclosure.\n (CVE-2014-0896 / PI10134)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037250\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21669554\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21655990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Fix Pack 8.5.5.2 for version 8.5 (8.5.5.0) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_keys(\"www/WebSphere\");\n script_require_ports(\"Services/www\", 8880, 8881);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:0);\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\nif (version !~ \"^8\\.5([^0-9]|$)\") audit(AUDIT_NOT_LISTEN, \"IBM WebSphere Application Server 8.5\", port);\n\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"IBM WebSphere Application Server\", port, version);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] == 8 &&\n ver[1] == 5 &&\n (\n ver[2] < 5\n ||\n (ver[2] == 5 && ver[3] < 2)\n )\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 8.5.5.2' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"IBM WebSphere Application Server\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-01T07:45:37", "description": "IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on\nthe remote host. It is, therefore, affected by the following\nvulnerabilities :\n\n - A cross-site scripting flaw exists within the\n Administration Console, where user input is improperly\n validated. This could allow a remote attacker, with a\n specially crafted request, to execute arbitrary script\n code within the browser / server trust relationship.\n (CVE-2013-6323, PI04777 and PI04880)\n\n - A denial of service flaw exists within the Global\n Security Kit when handling SSLv2 resumption during the\n SSL/TLS handshake. This could allow a remote attacker\n to crash the program. (CVE-2013-6329, PI05309)\n\n - A buffer overflow flaw exists in the HTTP server with\n the mod_dav module when using add-ons. This could allow\n a remote attacker to cause a buffer overflow and a\n denial of service. (CVE-2013-6438, PI09345)\n\n - A cross-site scripting flaw exists within OAuth where\n user input is not properly validated. This could allow\n a remote attacker, with a specially crafted request, to\n execute arbitrary script code within the browser /\n server trust relationship. (CVE-2013-6738, PI05661)\n\n - A denial of service flaw exists within the Global\n Security Kit when handling X.509 certificate chain\n during the initiation of a SSL/TLS connection. A remote\n attacker, using a malformed certificate chain, could\n cause the client or server to crash by hanging the\n Global Security Kit. (CVE-2013-6747, PI09443)\n\n - A denial of service flaw exists within the Apache\n Commons FileUpload when parsing a content-type header\n for a multipart request. A remote attacker, using a\n specially crafted request, could crash the program.\n (CVE-2014-0050, PI12648, PI12926 and PI13162)\n\n - A flaw exists in the Elliptic Curve Digital Signature\n Algorithm implementation which could allow a malicious\n process to recover ECDSA nonces.\n (CVE-2014-0076, PI19700)\n\n - A denial of service flaw exists in the 'mod_log_config'\n when logging a cookie with an unassigned value. A remote\n attacker, using a specially crafted request, can cause\n the program to crash. (CVE-2014-0098, PI13028)\n\n - An information disclosure flaw exists in the\n 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding.\n This many allow a remote attacker to gain timing\n information intended to be protected by encryption.\n (CVE-2014-0453)\n\n - A flaw exists with 'com.sun.jndi.dns.DnsClient' related\n to the randomization of query IDs. This could allow a\n remote attacker to conduct spoofing attacks.\n (CVE-2014-0460)\n\n - A flaw exists in the Full and Liberty profiles. A remote\n attacker, using a specially crafted request, could gain\n access to arbitrary files. (CVE-2014-0823, PI05324)\n\n - An information disclosure flaw exists within the\n Administrative Console. This could allow a network\n attacker, using a specially crafted request, to gain\n privileged access. (CVE-2014-0857, PI07808)\n\n - A denial of service flaw exists in a web server plugin\n on servers configured to retry failed POST request. This\n could allow a remote attacker to crash the application.\n (CVE-2014-0859, PI08892)\n\n - An information disclosure flaw exists within Proxy and\n ODR servers. This could allow a remote attacker, using a\n specially crafted request, to gain access to potentially\n sensitive information. (CVE-2014-0891, PI09786)\n\n - A denial of service flaw exists within the IBM Security\n Access Manager for Web with the Reverse Proxy component.\n This could allow a remote attacker, using specially\n crafted TLS traffic, to cause the application on the\n system to become unresponsive. (CVE-2014-0963, PI17025)\n\n - An information disclosure flaw exists when handling SOAP\n responses. This could allow a remote attacker to\n potentially gain access to sensitive information.\n (CVE-2014-0965, PI11434)\n\n - An information disclosure flaw exists. A remote\n attacker, using a specially crafted URL, could gain\n access to potentially sensitive information.\n (CVE-2014-3022, PI09594)", "edition": 28, "published": "2014-08-04T00:00:00", "title": "IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0963", "CVE-2014-0823", "CVE-2014-0859", "CVE-2014-0857", "CVE-2014-0965", "CVE-2014-0076", "CVE-2014-0453", "CVE-2014-0098", "CVE-2014-0878", "CVE-2013-6438", "CVE-2013-6323", "CVE-2014-0050", "CVE-2013-6329", "CVE-2014-0460", "CVE-2014-0891", "CVE-2014-3022", "CVE-2013-6747", "CVE-2013-6738"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_8_0_0_9.NASL", "href": "https://www.tenable.com/plugins/nessus/76995", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76995);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/25\");\n\n script_cve_id(\n \"CVE-2013-6323\",\n \"CVE-2013-6329\",\n \"CVE-2013-6438\",\n \"CVE-2013-6738\",\n \"CVE-2013-6747\",\n \"CVE-2014-0050\",\n \"CVE-2014-0076\",\n \"CVE-2014-0098\",\n \"CVE-2014-0453\",\n \"CVE-2014-0460\",\n \"CVE-2014-0823\",\n \"CVE-2014-0857\",\n \"CVE-2014-0859\",\n \"CVE-2014-0878\",\n \"CVE-2014-0891\",\n \"CVE-2014-0963\",\n \"CVE-2014-0965\",\n \"CVE-2014-3022\"\n );\n script_bugtraq_id(\n 64249,\n 65156,\n 65400,\n 66303,\n 66914,\n 66916,\n 67051,\n 67238,\n 67327,\n 67329,\n 67335,\n 67579,\n 67601,\n 67720,\n 68210,\n 68211\n );\n\n script_name(english:\"IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on\nthe remote host. It is, therefore, affected by the following\nvulnerabilities :\n\n - A cross-site scripting flaw exists within the\n Administration Console, where user input is improperly\n validated. This could allow a remote attacker, with a\n specially crafted request, to execute arbitrary script\n code within the browser / server trust relationship.\n (CVE-2013-6323, PI04777 and PI04880)\n\n - A denial of service flaw exists within the Global\n Security Kit when handling SSLv2 resumption during the\n SSL/TLS handshake. This could allow a remote attacker\n to crash the program. (CVE-2013-6329, PI05309)\n\n - A buffer overflow flaw exists in the HTTP server with\n the mod_dav module when using add-ons. This could allow\n a remote attacker to cause a buffer overflow and a\n denial of service. (CVE-2013-6438, PI09345)\n\n - A cross-site scripting flaw exists within OAuth where\n user input is not properly validated. This could allow\n a remote attacker, with a specially crafted request, to\n execute arbitrary script code within the browser /\n server trust relationship. (CVE-2013-6738, PI05661)\n\n - A denial of service flaw exists within the Global\n Security Kit when handling X.509 certificate chain\n during the initiation of a SSL/TLS connection. A remote\n attacker, using a malformed certificate chain, could\n cause the client or server to crash by hanging the\n Global Security Kit. (CVE-2013-6747, PI09443)\n\n - A denial of service flaw exists within the Apache\n Commons FileUpload when parsing a content-type header\n for a multipart request. A remote attacker, using a\n specially crafted request, could crash the program.\n (CVE-2014-0050, PI12648, PI12926 and PI13162)\n\n - A flaw exists in the Elliptic Curve Digital Signature\n Algorithm implementation which could allow a malicious\n process to recover ECDSA nonces.\n (CVE-2014-0076, PI19700)\n\n - A denial of service flaw exists in the 'mod_log_config'\n when logging a cookie with an unassigned value. A remote\n attacker, using a specially crafted request, can cause\n the program to crash. (CVE-2014-0098, PI13028)\n\n - An information disclosure flaw exists in the\n 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding.\n This many allow a remote attacker to gain timing\n information intended to be protected by encryption.\n (CVE-2014-0453)\n\n - A flaw exists with 'com.sun.jndi.dns.DnsClient' related\n to the randomization of query IDs. This could allow a\n remote attacker to conduct spoofing attacks.\n (CVE-2014-0460)\n\n - A flaw exists in the Full and Liberty profiles. A remote\n attacker, using a specially crafted request, could gain\n access to arbitrary files. (CVE-2014-0823, PI05324)\n\n - An information disclosure flaw exists within the\n Administrative Console. This could allow a network\n attacker, using a specially crafted request, to gain\n privileged access. (CVE-2014-0857, PI07808)\n\n - A denial of service flaw exists in a web server plugin\n on servers configured to retry failed POST request. This\n could allow a remote attacker to crash the application.\n (CVE-2014-0859, PI08892)\n\n - An information disclosure flaw exists within Proxy and\n ODR servers. This could allow a remote attacker, using a\n specially crafted request, to gain access to potentially\n sensitive information. (CVE-2014-0891, PI09786)\n\n - A denial of service flaw exists within the IBM Security\n Access Manager for Web with the Reverse Proxy component.\n This could allow a remote attacker, using specially\n crafted TLS traffic, to cause the application on the\n system to become unresponsive. (CVE-2014-0963, PI17025)\n\n - An information disclosure flaw exists when handling SOAP\n responses. This could allow a remote attacker to\n potentially gain access to sensitive information.\n (CVE-2014-0965, PI11434)\n\n - An information disclosure flaw exists. A remote\n attacker, using a specially crafted URL, could gain\n access to potentially sensitive information.\n (CVE-2014-3022, PI09594)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21676092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21659548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21663941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21667254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21667526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21672843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21673013\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Fix Pack 9 for version 8.0 (8.0.0.9) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_keys(\"www/WebSphere\");\n script_require_ports(\"Services/www\", 8880, 8881);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:0);\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nif (version !~ \"^8\\.0([^0-9]|$)\") audit(AUDIT_NOT_LISTEN, \"IBM WebSphere Application Server 8.0\", port);\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"IBM WebSphere Application Server\", port, version);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 9)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 8.0.0.9' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"IBM WebSphere Application Server\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}