Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310806845HistoryJan 20, 2016 - 12:00 a.m.
IBM Websphere Application Server Multiple Vulnerabilities -13 (Jan 2016)
2016-01-2000:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
15
9.4 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
54.5%
IBM Websphere application server is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ibm:websphere_application_server";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.806845");
script_version("2024-02-20T05:05:48+0000");
script_cve_id("CVE-2013-0565", "CVE-2013-0540");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59252");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/59246");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2016-01-20 15:54:07 +0530 (Wed, 20 Jan 2016)");
script_tag(name:"qod_type", value:"remote_banner");
script_name("IBM Websphere Application Server Multiple Vulnerabilities -13 (Jan 2016)");
script_tag(name:"summary", value:"IBM Websphere application server is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws are due to:
- Liberty Profile does not properly validate authentication cookies, when SSL
is not enabled.
- improper validation of user supplied input by the RPCAdapter for the Web2.0
and Mobile toolkit");
script_tag(name:"impact", value:"Successful exploitation will allow
remote attacker to bypass intended access restrictions, to inject arbitrary
web script or HTML via a crafted response.");
script_tag(name:"affected", value:"IBM WebSphere Application Server (WAS)
8.5 before 8.5.0.2");
script_tag(name:"solution", value:"Upgrade to IBM WebSphere Application
Server (WAS) version 8.5.0.2 or later.");
script_tag(name:"solution_type", value:"VendorFix");
# 2016-06-13: 404
# script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?&uid=swg21632423");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web Servers");
script_dependencies("gb_ibm_websphere_detect.nasl");
script_mandatory_keys("ibm_websphere_application_server/installed");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))
exit(0);
if(version_in_range(version:wasVer, test_version:"8.5", test_version2:"8.5.0.1"))
{
report = report_fixed_ver(installed_version:wasVer, fixed_version:"8.5.0.2");
security_message(port:0, data:report);
exit(0);
}
exit(99);
Related
cve
cve
CVE-2013-0540
2013-04-24 10:28:00
CVE-2013-0565
2013-04-24 10:28:00
prion
prion
Authentication flaw
2013-04-24 10:28:00
Cross site scripting
2013-04-24 10:28:00
ibm
ibm
nessus
nessus
IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities
2013-05-10 00:00:00
9.4 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
54.5%
Related for OPENVAS:1361412562310806845