Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310806886HistoryMar 03, 2016 - 12:00 a.m.
IBM Websphere Application Server Arbitrary Code Execution Vulnerability (Mar 2016)
2016-03-0300:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
13
9.7 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.0%
IBM Websphere application server is prone to an arbitrary code execution vulnerability.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ibm:websphere_application_server";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.806886");
script_version("2024-02-20T05:05:48+0000");
script_cve_id("CVE-2014-4767");
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2016-03-03 18:23:53 +0530 (Thu, 03 Mar 2016)");
script_tag(name:"qod_type", value:"remote_banner");
script_name("IBM Websphere Application Server Arbitrary Code Execution Vulnerability (Mar 2016)");
script_tag(name:"summary", value:"IBM Websphere application server is prone to an arbitrary code execution vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw is due to improper usage of the
Liberty Repository for feature installation.");
script_tag(name:"impact", value:"Successful exploitation will allow remote
attackers to execute arbitrary code.");
script_tag(name:"affected", value:"IBM WebSphere Application Server (WAS)
Liberty Profile 8.5.x before 8.5.5.3.");
script_tag(name:"solution", value:"Upgrade to IBM WebSphere Application
Server (WAS) version 8.5.5.3, or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21681249");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/69297");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web Servers");
script_dependencies("gb_ibm_websphere_detect.nasl");
script_mandatory_keys("ibm_websphere_application_server/installed");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))
exit(0);
if(version_in_range(version:wasVer, test_version:"8.5", test_version2:"8.5.5.2"))
{
report = report_fixed_ver(installed_version:wasVer, fixed_version:"8.5.5.3");
security_message(port:0, data:report);
exit(0);
}
exit(99);
Related
cve
cve
CVE-2014-4767
2014-08-22 01:55:00
prion
prion
Design/Logic Flaw
2014-08-22 01:55:00
ibm
ibm
Security Bulletin: Weaker than expected security with Liberty Repository affecting Rational Application Developer for WebSphere Software (CVE-2014-4767)
2020-02-05 00:09:48
Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.3
2022-09-08 00:26:26
WebSphere Application Server and IBM HTTP Server Security Bulletin List
2022-07-13 18:04:48
nessus
nessus
9.7 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.0%
Related for OPENVAS:1361412562310806886