Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310806831HistoryJan 19, 2016 - 12:00 a.m.
IBM Websphere Application Server Multiple Vulnerabilities -06 (Jan 2016)
2016-01-1900:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
17
9.4 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
79.8%
IBM Websphere application server is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ibm:websphere_application_server";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.806831");
script_version("2024-02-20T05:05:48+0000");
script_cve_id("CVE-2013-6325", "CVE-2013-6725");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2016-01-19 15:54:16 +0530 (Tue, 19 Jan 2016)");
script_tag(name:"qod_type", value:"remote_banner");
script_name("IBM Websphere Application Server Multiple Vulnerabilities -06 (Jan 2016)");
script_tag(name:"summary", value:"IBM Websphere application server is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws are due to
- improper handling of requests by a web services endpoint.
- improper validation of input in the Administrative Console.");
script_tag(name:"impact", value:"Successful exploitation will allow
remote attacker to inject arbitrary web script or HTML and to cause a denial
of service (resource consumption).");
script_tag(name:"affected", value:"IBM WebSphere Application Server (WAS)
7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2");
script_tag(name:"solution", value:"Upgrade to IBM WebSphere Application
Server (WAS) version 7.0.0.31, or 8.0.0.8, or 8.5.5.2 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21661323");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65099");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/65096");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web Servers");
script_dependencies("gb_ibm_websphere_detect.nasl");
script_mandatory_keys("ibm_websphere_application_server/installed");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))
exit(0);
if(version_in_range(version:wasVer, test_version:"7", test_version2:"7.0.0.30"))
{
fix = "7.0.0.31";
VULN = TRUE;
}
else if(version_in_range(version:wasVer, test_version:"8", test_version2:"8.0.0.7"))
{
fix = "8.0.0.8";
VULN = TRUE;
}
else if(version_in_range(version:wasVer, test_version:"8.5", test_version2:"8.5.5.1"))
{
fix = "8.5.0.2";
VULN = TRUE;
}
if(VULN)
{
report = report_fixed_ver(installed_version:wasVer, fixed_version:fix);
security_message(port:0, data:report);
exit(0);
}
exit(99);
Related
cve
cve
CVE-2013-6325
2014-01-16 20:55:00
CVE-2013-6725
2014-01-16 20:55:00
prion
prion
Code injection
2014-01-16 20:55:00
Cross site scripting
2014-01-16 20:55:00
ibm
ibm
nessus
nessus
9.4 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
79.8%
Related for OPENVAS:1361412562310806831