IBM Websphere Application Server Information Disclosure Vulnerability Jan16
2016-01-19T00:00:00
ID OPENVAS:1361412562310806830 Type openvas Reporter Copyright (C) 2016 Greenbone Networks GmbH Modified 2019-02-21T00:00:00
Description
This host has IBM WebSphere Application Server installed
and is prone to an information disclosure vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ibm_websphere_info_disclose_vuln_jan16.nasl 13803 2019-02-21 08:24:24Z cfischer $
#
# IBM Websphere Application Server Information Disclosure Vulnerability Jan16
#
# Authors:
# Kashinath T <tkashinath@secpod.com>
#
# Copyright:
# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
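# CPE under which the detection VT stores the WebSphere version that the
# check at the end of this script looks up.
CPE = "cpe:/a:ibm:websphere_application_server";

# Metadata branch: taken when the scanner loads the script with 'description'
# set. It only registers the tags below and leaves through exit(0), so nothing
# in here talks to the target.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.806830");
  script_version("$Revision: 13803 $");
  script_cve_id("CVE-2014-0896");
  script_bugtraq_id(67328);

  # CVSS v2 base score and vector: network reachable, no authentication,
  # partial confidentiality impact only.
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_tag(name:"last_modification", value:"$Date: 2019-02-21 09:24:24 +0100 (Thu, 21 Feb 2019) $");
  script_tag(name:"creation_date", value:"2016-01-19 11:46:38 +0530 (Tue, 19 Jan 2016)");

  # remote_banner: the verdict rests on the version string collected remotely,
  # not on a probe of the flaw itself. A host carrying an interim fix that does
  # not change the reported version can therefore still be flagged.
  script_tag(name:"qod_type", value:"remote_banner");
  script_name("IBM Websphere Application Server Information Disclosure Vulnerability Jan16");

  script_tag(name:"summary", value:"This host is installed with IBM Websphere
  application server and is prone to information disclosure vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The flaw is due to
  - insufficient validation of requests made to the server.");

  script_tag(name:"impact", value:"Successful exploitation will allow
  remote attackers to obtain sensitive information.");

  # The CVE description scopes CVE-2014-0896 to the Liberty Profile. Naming it
  # here lets operators of other WAS profiles triage a finding instead of
  # reading it as applying to every 8.5.x installation.
  script_tag(name:"affected", value:"IBM WebSphere Application Server (WAS) Liberty Profile
  versions 8.5.x before 8.5.5.2");

  script_tag(name:"solution", value:"Upgrade to IBM WebSphere Application
  Server (WAS) version 8.5.5.2 or later.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21669554");

  # ACT_GATHER_INFO: the script evaluates already collected data only.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2016 Greenbone Networks GmbH");
  script_family("Web Servers");

  # Scheduled after the WebSphere detection VT, and only when that VT has set
  # the "installed" key for the host.
  script_dependencies("gb_ibm_websphere_detect.nasl");
  script_mandatory_keys("ibm_websphere_application_server/installed");

  script_xref(name:"URL", value:"http://www-03.ibm.com/software/products/en/appserv-was");

  exit(0);
}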
include("host_details.inc");
include("version_func.inc");
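# Look up the WebSphere version recorded by the detection VT; without one there
# is nothing to compare, so leave without a result.
# NOTE(review): nofork:TRUE is passed through unchanged; presumably it keeps the
# helper from forking per detected instance - confirm in host_details.inc.
if(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))
  exit(0);

# Affected range: 8.5 up to and including 8.5.5.1, the last release before the
# fix. This is a version comparison only; it does not tell the Liberty Profile
# apart from other WAS profiles, so a hit on a non-Liberty installation should
# be confirmed manually before it is treated as a finding.
if(version_in_range(version:wasVer, test_version:"8.5", test_version2:"8.5.5.1"))
{
  # Name the complete fixed release. The former value "8.5.5." was truncated
  # and left the report without a usable upgrade target.
  report = report_fixed_ver(installed_version:wasVer, fixed_version:"8.5.5.2");

  # port:0 attaches the result to the host rather than to a service port,
  # because the version lookup above is not tied to a port.
  security_message(port:0, data:report);
  exit(0);
}

# Version is outside the affected range: report "not vulnerable" to the scanner.
exit(99);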
{"id": "OPENVAS:1361412562310806830", "type": "openvas", "bulletinFamily": "scanner", "title": "IBM Websphere Application Server Information Disclosure Vulnerability Jan16", "description": "This host is installed with IBM Websphere\n application server and is prone to information disclosure vulnerability.", "published": "2016-01-19T00:00:00", "modified": "2019-02-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806830", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://www-03.ibm.com/software/products/en/appserv-was", "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"], "cvelist": ["CVE-2014-0896"], "lastseen": "2019-05-29T18:35:49", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0896"]}, {"type": "nessus", "idList": ["WEBSPHERE_8_5_5_2.NASL"]}], "modified": "2019-05-29T18:35:49", "rev": 2}, "score": {"value": 4.1, "vector": "NONE", "modified": "2019-05-29T18:35:49", "rev": 2}, "vulnersScore": 4.1}, "pluginID": "1361412562310806830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_websphere_info_disclose_vuln_jan16.nasl 13803 2019-02-21 08:24:24Z cfischer $\n#\n# IBM Websphere Application Server Information Disclosure Vulnerability Jan16\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ibm:websphere_application_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.806830\");\n script_version(\"$Revision: 13803 $\");\n script_cve_id(\"CVE-2014-0896\");\n script_bugtraq_id(67328);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-21 09:24:24 +0100 (Thu, 21 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-19 11:46:38 +0530 (Tue, 19 Jan 2016)\");\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_name(\"IBM Websphere Application Server Information Disclosure Vulnerability Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is installed with IBM Websphere\n application server and is prone to information disclosure vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to\n\n - insufficient validation of requests made to the server.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow\n remote attackers to obtain sensitive information.\");\n\n script_tag(name:\"affected\", value:\"IBM WebSphere Application Server (WAS)\n versions 8.5.x before 8.5.5.2\");\n\n script_tag(name:\"solution\", value:\"Upgrade to IBM WebSphere Application\n Server (WAS) version 8.5.5.2 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21669554\");\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_ibm_websphere_detect.nasl\");\n script_mandatory_keys(\"ibm_websphere_application_server/installed\");\n\n script_xref(name:\"URL\", value:\"http://www-03.ibm.com/software/products/en/appserv-was\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))\n exit(0);\n\nif(version_in_range(version:wasVer, test_version:\"8.5\", test_version2:\"8.5.5.1\"))\n{\n report = report_fixed_ver(installed_version:wasVer, fixed_version:\"8.5.5.\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "naslFamily": "Web Servers"}
{"cve": [{"lastseen": "2020-10-03T12:01:13", "description": "IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.", "edition": 3, "cvss3": {}, "published": "2014-05-01T17:29:00", "title": "CVE-2014-0896", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0896"], "modified": "2017-08-29T01:34:00", "cpe": ["cpe:/a:ibm:websphere_application_server:8.5.5.1", "cpe:/a:ibm:websphere_application_server:8.5.0.0", "cpe:/a:ibm:websphere_application_server:8.5.5.0", "cpe:/a:ibm:websphere_application_server:8.5.0.1", "cpe:/a:ibm:websphere_application_server:8.5.0.2"], "id": "CVE-2014-0896", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0896", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-01T07:00:39", "description": "IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.2 appears\nto be running on the remote host and is, therefore, potentially\naffected by the following vulnerabilities 
:\n\n - Numerous errors exist related to the included IBM SDK\n for Java (based on the Oracle JDK) that could allow\n denial of service attacks and information disclosure.\n (CVE-2013-5372, CVE-2013-5780, CVE-2013-5803)\n\n - User input validation errors exist related to the\n Administrative console and the Oauth component that\n could allow cross-site scripting attacks.\n (CVE-2013-6725 / PM98132, CVE-2013-6323 / PI04777,\n CVE-2013-6738 / PI05661)\n\n - An error exists due to a failure to properly\n handle by web services endpoint requests that\n could allow denial of service attacks.\n (CVE-2013-6325 / PM99450, PI08267)\n\n - An error exists in the included IBM Global Security\n Kit related to SSL handling that could allow denial\n of service attacks. (CVE-2013-6329 / PI05309)\n\n - A flaw exists with the 'mod_dav' module that is caused\n when tracking the length of CDATA that has leading\n white space. A remote attacker with a specially crafted\n DAV WRITE request can cause the service to stop\n responding. (CVE-2013-6438 / PI09345)\n\n - An error exists in the included IBM Global Security\n Kit related to malformed X.509 certificate chain\n handling that could allow denial of service attacks.\n (CVE-2013-6747 / PI09443)\n\n - An error exists in the included Apache Tomcat version\n related to handling 'Content-Type' HTTP headers and\n multipart requests such as file uploads that could\n allow denial of service attacks. (CVE-2014-0050 /\n PI12648, PI12926)\n\n - An unspecified error exists that could allow file\n disclosures to remote unauthenticated attackers.\n (CVE-2014-0823 / PI05324)\n\n - An unspecified error exists related to the\n Administrative console that could allow a security\n bypass. (CVE-2014-0857 / PI07808)\n\n - An error exists related to a web server plugin and\n retrying failed POST requests that could allow denial\n of service attacks. 
(CVE-2014-0859 / PI08892)\n\n - An error exists related to the Proxy and ODR components\n that could allow information disclosure. (CVE-2014-0891\n / PI09786)\n\n - An unspecified error exists related to the 'Liberty\n Profile' that could allow information disclosure.\n (CVE-2014-0896 / PI10134)", "edition": 25, "published": "2014-05-29T00:00:00", "title": "IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6325", "CVE-2014-0823", "CVE-2014-0859", "CVE-2014-0857", "CVE-2014-0896", "CVE-2013-5372", "CVE-2013-6438", "CVE-2013-6323", "CVE-2014-0050", "CVE-2013-6329", "CVE-2013-5780", "CVE-2014-0891", "CVE-2013-6725", "CVE-2013-5803", "CVE-2013-6747", "CVE-2013-6738"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_8_5_5_2.NASL", "href": "https://www.tenable.com/plugins/nessus/74235", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74235);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\n \"CVE-2013-5372\",\n \"CVE-2013-5780\",\n \"CVE-2013-5803\",\n \"CVE-2013-6323\",\n \"CVE-2013-6325\",\n \"CVE-2013-6329\",\n \"CVE-2013-6438\",\n \"CVE-2013-6725\",\n \"CVE-2013-6738\",\n \"CVE-2013-6747\",\n \"CVE-2014-0050\",\n \"CVE-2014-0823\",\n \"CVE-2014-0857\",\n \"CVE-2014-0859\",\n \"CVE-2014-0891\",\n \"CVE-2014-0896\"\n );\n script_bugtraq_id(\n 63082,\n 63115,\n 63224,\n 64249,\n 65096,\n 65099,\n 65156,\n 65400,\n 66303,\n 67051,\n 67327,\n 67328,\n 67329,\n 67335,\n 67579,\n 67720\n );\n\n script_name(english:\"IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server may be affected by 
multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.2 appears\nto be running on the remote host and is, therefore, potentially\naffected by the following vulnerabilities :\n\n - Numerous errors exist related to the included IBM SDK\n for Java (based on the Oracle JDK) that could allow\n denial of service attacks and information disclosure.\n (CVE-2013-5372, CVE-2013-5780, CVE-2013-5803)\n\n - User input validation errors exist related to the\n Administrative console and the Oauth component that\n could allow cross-site scripting attacks.\n (CVE-2013-6725 / PM98132, CVE-2013-6323 / PI04777,\n CVE-2013-6738 / PI05661)\n\n - An error exists due to a failure to properly\n handle by web services endpoint requests that\n could allow denial of service attacks.\n (CVE-2013-6325 / PM99450, PI08267)\n\n - An error exists in the included IBM Global Security\n Kit related to SSL handling that could allow denial\n of service attacks. (CVE-2013-6329 / PI05309)\n\n - A flaw exists with the 'mod_dav' module that is caused\n when tracking the length of CDATA that has leading\n white space. A remote attacker with a specially crafted\n DAV WRITE request can cause the service to stop\n responding. (CVE-2013-6438 / PI09345)\n\n - An error exists in the included IBM Global Security\n Kit related to malformed X.509 certificate chain\n handling that could allow denial of service attacks.\n (CVE-2013-6747 / PI09443)\n\n - An error exists in the included Apache Tomcat version\n related to handling 'Content-Type' HTTP headers and\n multipart requests such as file uploads that could\n allow denial of service attacks. 
(CVE-2014-0050 /\n PI12648, PI12926)\n\n - An unspecified error exists that could allow file\n disclosures to remote unauthenticated attackers.\n (CVE-2014-0823 / PI05324)\n\n - An unspecified error exists related to the\n Administrative console that could allow a security\n bypass. (CVE-2014-0857 / PI07808)\n\n - An error exists related to a web server plugin and\n retrying failed POST requests that could allow denial\n of service attacks. (CVE-2014-0859 / PI08892)\n\n - An error exists related to the Proxy and ODR components\n that could allow information disclosure. (CVE-2014-0891\n / PI09786)\n\n - An unspecified error exists related to the 'Liberty\n Profile' that could allow information disclosure.\n (CVE-2014-0896 / PI10134)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24037250\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-304.ibm.com/support/docview.wss?uid=swg21669554\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21655990\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Fix Pack 8.5.5.2 for version 8.5 (8.5.5.0) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0050\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2014/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_keys(\"www/WebSphere\");\n script_require_ports(\"Services/www\", 8880, 8881);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:0);\n\nversion = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/version\");\nsource = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\nif (version !~ \"^8\\.5([^0-9]|$)\") audit(AUDIT_NOT_LISTEN, \"IBM WebSphere Application Server 8.5\", port);\n\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"IBM WebSphere Application Server\", port, version);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] == 8 &&\n ver[1] == 5 &&\n (\n ver[2] < 5\n ||\n (ver[2] == 5 && ver[3] < 2)\n )\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 8.5.5.2' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"IBM WebSphere Application Server\", port, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}