Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310806884HistoryMar 03, 2016 - 12:00 a.m.
IBM Websphere Application Server Information Disclosure Vulnerability-01 (Mar 2016)
2016-03-0300:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
14
9.3 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.0%
IBM Websphere application server is prone to information-disclosure vulnerability.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ibm:websphere_application_server";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.806884");
script_version("2024-02-20T05:05:48+0000");
script_cve_id("CVE-2014-3022", "CVE-2014-0965");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2016-03-03 18:23:56 +0530 (Thu, 03 Mar 2016)");
script_tag(name:"qod_type", value:"remote_banner");
script_name("IBM Websphere Application Server Information Disclosure Vulnerability-01 (Mar 2016)");
script_tag(name:"summary", value:"IBM Websphere application server is prone to information-disclosure vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw is due to improper handling
of SOAP responses.");
script_tag(name:"impact", value:"Successful exploitation will allow
remote authenticated attackers to obtain sensitive information.");
script_tag(name:"affected", value:"IBM WebSphere Application Server (WAS)
7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3.");
script_tag(name:"solution", value:"Upgrade to IBM WebSphere Application
Server (WAS) version 7.0.0.33, or 8.0.0.9, or 8.5.5.3, or later");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21676091");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/68210");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/68211");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web Servers");
script_dependencies("gb_ibm_websphere_detect.nasl");
script_mandatory_keys("ibm_websphere_application_server/installed");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))
exit(0);
if(version_in_range(version:wasVer, test_version:"7.0", test_version2:"7.0.0.32"))
{
fix = "7.0.0.33";
VULN = TRUE;
}
else if(version_in_range(version:wasVer, test_version:"8.0", test_version2:"8.0.0.8"))
{
fix = "8.0.0.9";
VULN = TRUE;
}
else if(version_in_range(version:wasVer, test_version:"8.5", test_version2:"8.5.5.2"))
{
fix = "8.5.5.3";
VULN = TRUE;
}
if(VULN)
{
report = report_fixed_ver(installed_version:wasVer, fixed_version:fix);
security_message(port:0, data:report);
exit(0);
}
exit(99);
Related
openvas
openvas
cve
cve
CVE-2014-3022
2014-08-22 01:55:00
CVE-2014-0965
2014-08-22 01:55:00
prion
prion
Design/Logic Flaw
2014-08-22 01:55:00
Information disclosure
2014-08-22 01:55:00
ibm
ibm
nessus
nessus
IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities
2014-08-01 00:00:00
IBM WebSphere Application Server 7.0 < 7.0.0.33 Multiple Vulnerabilities
2016-10-26 00:00:00
9.3 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.0%
Related for OPENVAS:1361412562310806884