Search...

IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011

2011-03-22T00:00:00

ID OPENVAS:801863
Type openvas
Reporter Copyright (C) 2011 Greenbone Networks GmbH
Modified 2017-09-04T00:00:00

Description

The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ibm_was_mult_vuln_mar11_02.nasl 7052 2017-09-04 11:50:51Z teissa $
#
# IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
#
# Authors:
# Sooraj KS &lt;kssooraj@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will let attackers to gain privileges or cause a
  denial of service.
  Impact Level: Application";
tag_affected = "IBM WebSphere Application Server versions 6.1.0.x before 6.1.0.37 and
  7.x before 7.0.0.15";
tag_insight = "- Memory leak in 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' in the JavaServer
    Pages (JSP) component allows remote attackers to cause a denial of service
    by sending many JSP requests that trigger large responses.
  - The AuthCache purge implementation in the Security component does not purge
    a user from the PlatformCredential cache, which allows remote authenticated
    users to gain privileges by leveraging a group membership specified in an
    old RACF Object.
  - The SOAP with Attachments API for Java (SAAJ) implementation in the Web
    Services component allows remote attackers to cause a denial of service
    via encrypted SOAP messages.";
tag_solution = "Upgrade to IBM WebSphere Application Server version 6.1.0.37 or 7.0.0.15,
  http://www-01.ibm.com/support/docview.wss?uid=swg24028875";
tag_summary = "The host is running IBM WebSphere Application Server and is prone to multiple
  vulnerabilities.";

if(description)
{
  script_id(801863);
  script_version("$Revision: 7052 $");
  script_tag(name:"last_modification", value:"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $");
  script_tag(name:"creation_date", value:"2011-03-22 08:43:18 +0100 (Tue, 22 Mar 2011)");
  script_cve_id("CVE-2011-1317", "CVE-2011-1321", "CVE-2011-1322");
  script_tag(name:"cvss_base", value:"6.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_name("IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011");
  script_xref(name : "URL" , value : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463");

  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
  script_family("Web Servers");
  script_dependencies("gb_ibm_websphere_detect.nasl");
  script_require_ports("Services/www", 80);
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  exit(0);
}


include("http_func.inc");
include("version_func.inc");
include("host_details.inc");

CPE = 'cpe:/a:ibm:websphere_application_server';

if( ! vers = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );

## Check for IBM WebSphere Application Server versions
if(version_in_range(version: vers, test_version: "6.1", test_version2: "6.1.0.36") ||
   version_in_range(version: vers, test_version: "7.0", test_version2: "7.0.0.14")) {
  report = report_fixed_ver( installed_version:vers, fixed_version:'6.1.0.37/7.0.0.15' );
  security_message(port:0, data:report);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:801863", "type": "openvas", "bulletinFamily": "scanner", "title": "IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011", "description": "The host is running IBM WebSphere Application Server and is prone to multiple\n vulnerabilities.", "published": "2011-03-22T00:00:00", "modified": "2017-09-04T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=801863", "reporter": "Copyright (C) 2011 Greenbone Networks GmbH", "references": ["http://www-01.ibm.com/support/docview.wss?uid=swg27014463"], "cvelist": ["CVE-2011-1317", "CVE-2011-1322", "CVE-2011-1321"], "lastseen": "2017-09-05T11:22:35", "viewCount": 0, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2017-09-05T11:22:35", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-1322", "CVE-2011-1317", "CVE-2011-1321"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801863"]}, {"type": "nessus", "idList": ["WEBSPHERE_6_1_0_37.NASL", "WEBSPHERE_7_0_0_15.NASL"]}], "modified": "2017-09-05T11:22:35", "rev": 2}, "vulnersScore": 6.5}, "pluginID": "801863", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_was_mult_vuln_mar11_02.nasl 7052 2017-09-04 11:50:51Z teissa $\n#\n# IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let attackers to gain privileges or cause a\n denial of service.\n Impact Level: Application\";\ntag_affected = \"IBM WebSphere Application Server versions 6.1.0.x before 6.1.0.37 and\n 7.x before 7.0.0.15\";\ntag_insight = \"- Memory leak in 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' in the JavaServer\n Pages (JSP) component allows remote attackers to cause a denial of service\n by sending many JSP requests that trigger large responses.\n - The AuthCache purge implementation in the Security component does not purge\n a user from the PlatformCredential cache, which allows remote authenticated\n users to gain privileges by leveraging a group membership specified in an\n old RACF Object.\n - The SOAP with Attachments API for Java (SAAJ) implementation in the Web\n Services component allows remote attackers to cause a denial of service\n via encrypted SOAP messages.\";\ntag_solution = \"Upgrade to IBM WebSphere Application Server version 6.1.0.37 or 7.0.0.15,\n http://www-01.ibm.com/support/docview.wss?uid=swg24028875\";\ntag_summary = \"The host is running IBM WebSphere Application Server and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(801863);\n script_version(\"$Revision: 7052 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-22 08:43:18 +0100 (Tue, 22 Mar 2011)\");\n script_cve_id(\"CVE-2011-1317\", \"CVE-2011-1321\", \"CVE-2011-1322\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011\");\n script_xref(name : \"URL\" , value : \"http://www-01.ibm.com/support/docview.wss?uid=swg27014463\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_ibm_websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nCPE = 'cpe:/a:ibm:websphere_application_server';\n\nif( ! vers = get_app_version( cpe:CPE, nofork:TRUE ) ) exit( 0 );\n\n## Check for IBM WebSphere Application Server versions\nif(version_in_range(version: vers, test_version: \"6.1\", test_version2: \"6.1.0.36\") ||\n version_in_range(version: vers, test_version: \"7.0\", test_version2: \"7.0.0.14\")) {\n report = report_fixed_ver( installed_version:vers, fixed_version:'6.1.0.37/7.0.0.15' );\n security_message(port:0, data:report);\n}\n", "naslFamily": "Web Servers"}

{"cve": [{"lastseen": "2021-02-02T05:51:00", "description": "The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages.", "edition": 4, "cvss3": {}, "published": "2011-03-08T21:59:00", "title": "CVE-2011-1322", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1322"], "modified": "2011-03-09T05:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server:7.0.0.8", "cpe:/a:ibm:websphere_application_server:6.1.0.2", "cpe:/a:ibm:websphere_application_server:7.0.0.3", "cpe:/a:ibm:websphere_application_server:7.0", "cpe:/a:ibm:websphere_application_server:7.0.0.7", "cpe:/a:ibm:websphere_application_server:7.0.0.9", "cpe:/a:ibm:websphere_application_server:6.1.0.25", "cpe:/a:ibm:websphere_application_server:6.1.0.5", "cpe:/a:ibm:websphere_application_server:6.1.0.35", "cpe:/a:ibm:websphere_application_server:6.1.0", "cpe:/a:ibm:websphere_application_server:6.1.0.3", "cpe:/a:ibm:websphere_application_server:7.0.0.11", "cpe:/a:ibm:websphere_application_server:6.1.0.29", "cpe:/a:ibm:websphere_application_server:6.1.0.7", "cpe:/a:ibm:websphere_application_server:6.1.0.1", "cpe:/a:ibm:websphere_application_server:7.0.0.2", "cpe:/a:ibm:websphere_application_server:6.1.0.11", "cpe:/a:ibm:websphere_application_server:6.1.0.21", "cpe:/a:ibm:websphere_application_server:6.1.0.27", "cpe:/a:ibm:websphere_application_server:7.0.0.5", "cpe:/a:ibm:websphere_application_server:7.0.0.1", "cpe:/a:ibm:websphere_application_server:6.1.0.9", "cpe:/a:ibm:websphere_application_server:6.1.0.31", "cpe:/a:ibm:websphere_application_server:6.1.0.33", "cpe:/a:ibm:websphere_application_server:6.1.0.12", "cpe:/a:ibm:websphere_application_server:7.0.0.4", "cpe:/a:ibm:websphere_application_server:6.1.0.0", "cpe:/a:ibm:websphere_application_server:6.1.0.23", "cpe:/a:ibm:websphere_application_server:7.0.0.6", "cpe:/a:ibm:websphere_application_server:7.0.0.13", "cpe:/a:ibm:websphere_application_server:6.1.0.19", "cpe:/a:ibm:websphere_application_server:6.1.0.15", "cpe:/a:ibm:websphere_application_server:6.1.0.17"], "id": "CVE-2011-1322", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1322", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:00", "description": "Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by sending many JSP requests that trigger large responses.", "edition": 4, "cvss3": {}, "published": "2011-03-08T21:59:00", "title": "CVE-2011-1317", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1317"], "modified": "2011-04-07T04:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server:7.0.0.8", "cpe:/a:ibm:websphere_application_server:6.1.0.2", "cpe:/a:ibm:websphere_application_server:7.0.0.3", "cpe:/a:ibm:websphere_application_server:7.0", "cpe:/a:ibm:websphere_application_server:7.0.0.7", "cpe:/a:ibm:websphere_application_server:7.0.0.9", "cpe:/a:ibm:websphere_application_server:6.1.0.25", "cpe:/a:ibm:websphere_application_server:6.1.0.5", "cpe:/a:ibm:websphere_application_server:6.1.0.35", "cpe:/a:ibm:websphere_application_server:6.1.0", "cpe:/a:ibm:websphere_application_server:6.1.0.3", "cpe:/a:ibm:websphere_application_server:7.0.0.11", "cpe:/a:ibm:websphere_application_server:6.1.0.29", "cpe:/a:ibm:websphere_application_server:6.1.0.7", "cpe:/a:ibm:websphere_application_server:6.1.0.1", "cpe:/a:ibm:websphere_application_server:7.0.0.2", "cpe:/a:ibm:websphere_application_server:6.1.0.11", "cpe:/a:ibm:websphere_application_server:6.1.0.21", "cpe:/a:ibm:websphere_application_server:6.1.0.27", "cpe:/a:ibm:websphere_application_server:7.0.0.5", "cpe:/a:ibm:websphere_application_server:7.0.0.1", "cpe:/a:ibm:websphere_application_server:6.1.0.9", "cpe:/a:ibm:websphere_application_server:6.1.0.31", "cpe:/a:ibm:websphere_application_server:6.1.0.33", "cpe:/a:ibm:websphere_application_server:6.1.0.12", "cpe:/a:ibm:websphere_application_server:7.0.0.4", "cpe:/a:ibm:websphere_application_server:6.1.0.0", "cpe:/a:ibm:websphere_application_server:6.1.0.23", "cpe:/a:ibm:websphere_application_server:7.0.0.6", "cpe:/a:ibm:websphere_application_server:7.0.0.13", "cpe:/a:ibm:websphere_application_server:6.1.0.19", "cpe:/a:ibm:websphere_application_server:6.1.0.15", "cpe:/a:ibm:websphere_application_server:6.1.0.17"], "id": "CVE-2011-1317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1317", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:51:00", "description": "The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO).", "edition": 4, "cvss3": {}, "published": "2011-03-08T21:59:00", "title": "CVE-2011-1321", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1321"], "modified": "2011-03-10T05:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server:7.0.0.8", "cpe:/a:ibm:websphere_application_server:6.1.0.2", "cpe:/a:ibm:websphere_application_server:7.0.0.3", "cpe:/a:ibm:websphere_application_server:7.0", "cpe:/a:ibm:websphere_application_server:7.0.0.7", "cpe:/a:ibm:websphere_application_server:7.0.0.9", "cpe:/a:ibm:websphere_application_server:6.1.0.25", "cpe:/a:ibm:websphere_application_server:6.1.0.5", "cpe:/a:ibm:websphere_application_server:6.1.0.35", "cpe:/a:ibm:websphere_application_server:6.1.0", "cpe:/a:ibm:websphere_application_server:6.1.0.3", "cpe:/a:ibm:websphere_application_server:7.0.0.11", "cpe:/a:ibm:websphere_application_server:6.1.0.29", "cpe:/a:ibm:websphere_application_server:6.1.0.7", "cpe:/a:ibm:websphere_application_server:6.1.0.1", "cpe:/a:ibm:websphere_application_server:7.0.0.2", "cpe:/a:ibm:websphere_application_server:6.1.0.11", "cpe:/a:ibm:websphere_application_server:6.1.0.21", "cpe:/a:ibm:websphere_application_server:6.1.0.27", "cpe:/a:ibm:websphere_application_server:7.0.0.5", "cpe:/a:ibm:websphere_application_server:7.0.0.1", "cpe:/a:ibm:websphere_application_server:6.1.0.9", "cpe:/a:ibm:websphere_application_server:6.1.0.31", "cpe:/a:ibm:websphere_application_server:6.1.0.33", "cpe:/a:ibm:websphere_application_server:6.1.0.12", "cpe:/a:ibm:websphere_application_server:7.0.0.4", "cpe:/a:ibm:websphere_application_server:6.1.0.0", "cpe:/a:ibm:websphere_application_server:6.1.0.23", "cpe:/a:ibm:websphere_application_server:7.0.0.6", "cpe:/a:ibm:websphere_application_server:7.0.0.13", "cpe:/a:ibm:websphere_application_server:6.1.0.19", "cpe:/a:ibm:websphere_application_server:6.1.0.15", "cpe:/a:ibm:websphere_application_server:6.1.0.17"], "id": "CVE-2011-1321", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1321", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1317", "CVE-2011-1322", "CVE-2011-1321"], "description": "The host is running IBM WebSphere Application Server and is prone to multiple\n vulnerabilities.", "modified": "2019-02-21T00:00:00", "published": "2011-03-22T00:00:00", "id": "OPENVAS:1361412562310801863", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801863", "type": "openvas", "title": "IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ibm_was_mult_vuln_mar11_02.nasl 13803 2019-02-21 08:24:24Z cfischer $\n#\n# IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801863\");\n script_version(\"$Revision: 13803 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-21 09:24:24 +0100 (Thu, 21 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-22 08:43:18 +0100 (Tue, 22 Mar 2011)\");\n script_cve_id(\"CVE-2011-1317\", \"CVE-2011-1321\", \"CVE-2011-1322\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"Web Servers\");\n script_dependencies(\"gb_ibm_websphere_detect.nasl\");\n script_mandatory_keys(\"ibm_websphere_application_server/installed\");\n\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27014463\");\n script_xref(name:\"URL\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24028875\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to gain privileges or cause a\n denial of service.\");\n\n script_tag(name:\"affected\", value:\"IBM WebSphere Application Server versions 6.1.0.x before 6.1.0.37 and\n 7.x before 7.0.0.15.\");\n\n script_tag(name:\"insight\", value:\"- Memory leak in 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' in the JavaServer\n Pages (JSP) component allows remote attackers to cause a denial of service\n by sending many JSP requests that trigger large responses.\n\n - The AuthCache purge implementation in the Security component does not purge\n a user from the PlatformCredential cache, which allows remote authenticated\n users to gain privileges by leveraging a group membership specified in an old RACF Object.\n\n - The SOAP with Attachments API for Java (SAAJ) implementation in the Web\n Services component allows remote attackers to cause a denial of service\n via encrypted SOAP messages.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to IBM WebSphere Application Server version 6.1.0.37 or 7.0.0.15.\");\n\n script_tag(name:\"summary\", value:\"The host is running IBM WebSphere Application Server and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nCPE = \"cpe:/a:ibm:websphere_application_server\";\n\nif(!vers = get_app_version(cpe:CPE, nofork:TRUE))\n exit(0);\n\nif(version_in_range(version:vers, test_version:\"6.1\", test_version2:\"6.1.0.36\") ||\n version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.0.14\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"6.1.0.37/7.0.0.15\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-03-01T07:49:40", "description": "IBM WebSphere Application Server 6.1 before Fix Pack 37 appears to be\nrunning on the remote host. As such, it is potentially affected by\nthe following vulnerabilities :\n\n - It is possible to trigger a DoS condition via SAAJ\n API provided by the WebSphere Web services runtime.\n (PM19534)\n\n - An unspecified cross-site scripting vulnerability\n exists in the IVT application. (PM20393)\n\n - The AuthCache purge implementation is not able to\n purge a user in AuthCache. (PM24668)\n\n - A remote attacker can gain unspecified application access\n on z/OS, when a Local OS user registry or Federated\n Repository with RACF adapter is used. (PM35478)", "edition": 26, "published": "2011-04-18T00:00:00", "title": "IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1683", "CVE-2011-1322", "CVE-2011-1321", "CVE-2011-1308"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_6_1_0_37.NASL", "href": "https://www.tenable.com/plugins/nessus/53475", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(53475);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\n \"CVE-2011-1308\",\n \"CVE-2011-1321\",\n \"CVE-2011-1322\",\n \"CVE-2011-1683\"\n );\n script_bugtraq_id(46736, 47122);\n script_xref(name:\"Secunia\", value:\"44031\");\n\n script_name(english:\"IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote application server is affected by multiple vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"IBM WebSphere Application Server 6.1 before Fix Pack 37 appears to be\nrunning on the remote host. As such, it is potentially affected by\nthe following vulnerabilities :\n\n - It is possible to trigger a DoS condition via SAAJ\n API provided by the WebSphere Web services runtime.\n (PM19534)\n\n - An unspecified cross-site scripting vulnerability\n exists in the IVT application. (PM20393)\n\n - The AuthCache purge implementation is not able to\n purge a user in AuthCache. (PM24668)\n\n - A remote attacker can gain unspecified application access\n on z/OS, when a Local OS user registry or Federated\n Repository with RACF adapter is used. (PM35478)\"\n );\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21404665\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27009778\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21473989\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1PM24668\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61037\");\n script_set_attribute(attribute:\"solution\", value:\n\"If using WebSphere Application Server, apply Fix Pack 37 (6.1.0.37) or\nlater. \n\nOtherwise, if using embedded WebSphere Application Server packaged with\nTivoli Directory Server, apply the latest recommended eWAS fix pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/04/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:FALSE);\n\n\nversion = get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 37)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report =\n '\\n Source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 6.1.0.37' +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-01T07:49:43", "description": "IBM WebSphere Application Server 7.0 before Fix Pack 15 appears to be\nrunning on the remote host. As such, it is reportedly affected by the\nfollowing vulnerabilities :\n\n - A double free error in BBOOORBR control block could\n trigger a denial of service condition. (PM17170)\n\n - A cross-site scripting vulnerability exists in the\n web container. (PM18512)\n\n - It is possible for authenticated users to trigger a DoS\n condition by using Lightweight Third-Party\n Authentication (LTPA) tokens for authentication.\n (PM18644)\n\n - Sensitive wsadmin command parameters are included in\n trace files, which could result in an information\n disclosure vulnerability. (PM18736)\n\n - A memory leak in\n 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' could\n trigger a DoS condition. (PM19500)\n\n - It is possible to trigger a DoS condition via SAAJ\n API provided by the WebSphere Web services runtime.\n (PM19534)\n\n - The Service Integration Bus (SIB) messaging engine is\n affected by a DoS issue. (PM19834)\n\n - The installer creates a temporary log file directory\n with open '777' permissions. (PM20021)\n\n - A cross-site scripting vulnerability exists in the\n IVT application.(PM20393)\n\n - User credentials are not cleared from the cache, even\n after an user has logged out. (PM21536)\n\n - Trace requests are not handled correctly, which could\n result in an unspecified issue. (PM22860)\n\n - A memory leak in\n 'org.apache.jasper.runtime.JspWriterImpl.response' could\n trigger a denial of service condition. (PM23029)\n\n - Under certain conditions, SIP proxy may stop processing\n UDP messages, resulting in a DoS condition. (PM23115)\n\n - Memory leak in the messaging engine could trigger a\n denial of service condition. (PM23626)\n\n - Improper access is allowed to certain control servlets.\n (PM24372)\n\n - The AuthCache purge implementation is not able to\n purge a user in AuthCache. (PM24668)\n\n - Incorrect security role mapping could occur while\n using J2EE 1.4 application. (PM25455)\n\n - It is possible for Administrator role members to modify\n primary administrative id via the administrative\n console. (PK88606)", "edition": 27, "published": "2011-03-10T00:00:00", "title": "IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0316", "CVE-2011-1320", "CVE-2011-1307", "CVE-2011-1314", "CVE-2011-1316", "CVE-2011-1309", "CVE-2011-1315", "CVE-2011-1317", "CVE-2011-1311", "CVE-2011-0315", "CVE-2011-1322", "CVE-2011-1321", "CVE-2011-1313", "CVE-2011-1312", "CVE-2011-1319", "CVE-2011-1310", "CVE-2011-1308", "CVE-2011-1318"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_7_0_0_15.NASL", "href": "https://www.tenable.com/plugins/nessus/52615", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(52615);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\n \"CVE-2011-0315\",\n \"CVE-2011-0316\",\n \"CVE-2011-1307\",\n \"CVE-2011-1308\",\n \"CVE-2011-1309\",\n \"CVE-2011-1310\",\n \"CVE-2011-1311\",\n \"CVE-2011-1312\",\n \"CVE-2011-1313\",\n \"CVE-2011-1314\",\n \"CVE-2011-1315\",\n \"CVE-2011-1316\",\n \"CVE-2011-1317\",\n \"CVE-2011-1318\",\n \"CVE-2011-1319\",\n \"CVE-2011-1320\",\n \"CVE-2011-1321\",\n \"CVE-2011-1322\"\n );\n script_bugtraq_id(46736);\n script_xref(name:\"Secunia\", value:\"42938\");\n script_xref(name:\"Secunia\", value:\"43211\");\n\n script_name(english:\"IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote application server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"IBM WebSphere Application Server 7.0 before Fix Pack 15 appears to be\nrunning on the remote host. As such, it is reportedly affected by the\nfollowing vulnerabilities :\n\n - A double free error in BBOOORBR control block could\n trigger a denial of service condition. (PM17170)\n\n - A cross-site scripting vulnerability exists in the\n web container. (PM18512)\n\n - It is possible for authenticated users to trigger a DoS\n condition by using Lightweight Third-Party\n Authentication (LTPA) tokens for authentication.\n (PM18644)\n\n - Sensitive wsadmin command parameters are included in\n trace files, which could result in an information\n disclosure vulnerability. (PM18736)\n\n - A memory leak in\n 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' could\n trigger a DoS condition. (PM19500)\n\n - It is possible to trigger a DoS condition via SAAJ\n API provided by the WebSphere Web services runtime.\n (PM19534)\n\n - The Service Integration Bus (SIB) messaging engine is\n affected by a DoS issue. (PM19834)\n\n - The installer creates a temporary log file directory\n with open '777' permissions. (PM20021)\n\n - A cross-site scripting vulnerability exists in the\n IVT application.(PM20393)\n\n - User credentials are not cleared from the cache, even\n after an user has logged out. (PM21536)\n\n - Trace requests are not handled correctly, which could\n result in an unspecified issue. (PM22860)\n\n - A memory leak in\n 'org.apache.jasper.runtime.JspWriterImpl.response' could\n trigger a denial of service condition. (PM23029)\n\n - Under certain conditions, SIP proxy may stop processing\n UDP messages, resulting in a DoS condition. (PM23115)\n\n - Memory leak in the messaging engine could trigger a\n denial of service condition. (PM23626)\n\n - Improper access is allowed to certain control servlets.\n (PM24372)\n\n - The AuthCache purge implementation is not able to\n purge a user in AuthCache. (PM24668)\n\n - Incorrect security role mapping could occur while\n using J2EE 1.4 application. (PM25455)\n\n - It is possible for Administrator role members to modify\n primary administrative id via the administrative\n console. (PK88606)\");\n\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21404665\");\n script_set_attribute(attribute:\"see_also\",value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27009778\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM17170\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM18644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1PM19500\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1PM19834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1PM24668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1PM21536\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1PM23115\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www-01.ibm.com/support/docview.wss?uid=swg1PK88606\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg27014463#70015\");\n\n script_set_attribute(attribute:\"solution\", value:\n\"If using WebSphere Application Server, apply Fix Pack 15 (7.0.0.15) or\nlater. \n\nOtherwise, if using embedded WebSphere Application Server packaged with\nTivoli Directory Server, apply the latest recommended eWAS fix pack.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:8880, embedded:0);\n\n\nversion = get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 15)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report =\n '\\n Source : ' + source +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 7.0.0.15' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}