Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310807621HistoryMar 21, 2016 - 12:00 a.m.
IBM Websphere Application Server Multiple Vulnerabilities-04 (Mar 2016)
2016-03-2100:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
13
5.4 Medium
AI Score
Confidence
Low
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
80.0%
IBM Websphere application server is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:ibm:websphere_application_server";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.807621");
script_version("2024-02-20T05:05:48+0000");
script_cve_id("CVE-2015-1882", "CVE-2015-0175", "CVE-2015-0174");
script_tag(name:"cvss_base", value:"8.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:C/I:C/A:C");
script_tag(name:"last_modification", value:"2024-02-20 05:05:48 +0000 (Tue, 20 Feb 2024)");
script_tag(name:"creation_date", value:"2016-03-21 14:49:58 +0530 (Mon, 21 Mar 2016)");
script_tag(name:"qod_type", value:"remote_banner");
script_name("IBM Websphere Application Server Multiple Vulnerabilities-04 (Mar 2016)");
script_tag(name:"summary", value:"IBM Websphere application server is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Multiple flaws are due to:
- The Run-as user for EJB not being honored under multi-threaded race conditions.
- An error with the authData elements.
- An improper handling of configuration data in SNMP implementation.");
script_tag(name:"impact", value:"Successful exploitation will allow remote
attackers to gain elevated privileges on the system, also to obtain
sensitive information.");
script_tag(name:"affected", value:"IBM WebSphere Application Server (WAS)
Liberty Profile 8.5.x before 8.5.5.5.");
script_tag(name:"solution", value:"Upgrade to IBM WebSphere Application
Server (WAS) Liberty Profile version 8.5.5.5, or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"URL", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21697368");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74222");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74223");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/74215");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web Servers");
script_dependencies("gb_ibm_websphere_detect.nasl");
script_mandatory_keys("ibm_websphere_application_server/installed");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if(!wasVer = get_app_version(cpe:CPE, nofork:TRUE))
exit(0);
if(version_in_range(version:wasVer, test_version:"8.5", test_version2:"8.5.5.4"))
{
report = report_fixed_ver(installed_version:wasVer, fixed_version:"8.5.5.5");
security_message(port:0, data:report);
exit(0);
}
exit(99);
Related
nessus
nessus
IBM WebSphere Application Server 8.5.5.x < 8.5.5.5 Multiple Vulnerabilities
2017-04-04 00:00:00
IBM WebSphere Application Server Multiple Vulnerabilities
2015-05-08 00:00:00
ibm
ibm
prion
prion
Race condition
2015-04-27 12:59:00
Design/Logic Flaw
2015-04-27 12:59:00
Code injection
2015-04-27 12:59:00
cve
cve
5.4 Medium
AI Score
Confidence
Low
8.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
80.0%
Related for OPENVAS:1361412562310807621