DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359]
Published: 2011-11-06T00:00:00
ID: SECURITYVULNS:DOC:27281
Type: securityvulns
Reporter: Securityvulns
Modified: 2011-11-06T00:00:00
Description
Title
DDIVRT-2011-33 IBM WebSphere Application Server 'help' Servlet Plug-in Bundle Directory Traversal [CVE-2011-1359]
Severity
High
Date Discovered
July 28, 2011
Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: Javier Castro, sxkeebler and r@b13$
Vulnerability Description
The default installation of the IBM WebSphere Application Server is
deployed with a 'help' servlet which is designed to serve supporting
documentation for the WebSphere system. When the 'help' servlet
processes a URL that contains a reference to a Java plug-in Bundle
that is registered with the Eclipse Platform Runtime Environment of
the WebSphere Application Server, the 'help' servlet fails to ensure
that the submitted URL refers to a file that is both located within the
web root of the servlet and is of a type that is allowed to be served.

An unauthenticated remote attacker can use this weakness in the
'help' servlet to retrieve arbitrary system files from the host that
is running the 'help' servlet. This can be accomplished by submitting
a URL which refers to a registered Java plug-in Bundle followed by a
relative path to the desired file.
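
As an added example (not IBM's code and not part of the original advisory), the two checks the description says the servlet omitted, containment within the bundle's root directory and a file-type allowlist, can be written in Java as follows. The class name, bundle ID, allowlist and sample files are all hypothetical; Java 11 or later is assumed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Added example with hypothetical names throughout; this is not WebSphere code.
public class HelpResourceResolver {
    // Assumed allowlist of documentation file types that may be served.
    private static final Set<String> ALLOWED_TYPES =
            Set.of("html", "htm", "css", "js", "png", "gif", "jpg");

    // Bundle ID -> canonical root directory of that bundle's documentation.
    private final Map<String, Path> bundleRoots = new HashMap<>();

    public HelpResourceResolver(Map<String, Path> roots) throws IOException {
        for (Map.Entry<String, Path> e : roots.entrySet()) {
            // Canonicalise each root once so later prefix checks compare real paths.
            bundleRoots.put(e.getKey(), e.getValue().toRealPath());
        }
    }

    /** Returns the file to serve, or empty if the request must be refused. */
    public Optional<Path> resolve(String bundleId, String relativePath) {
        if (bundleId == null || relativePath == null || relativePath.indexOf('\0') >= 0) {
            return Optional.empty();
        }
        Path root = bundleRoots.get(bundleId);
        if (root == null) {
            return Optional.empty();            // bundle is not registered
        }
        try {
            // Check 1: after collapsing "." and ".." the path must still be under
            // the bundle root. An absolute relativePath replaces the root in
            // resolve() and is rejected here as well.
            Path candidate = root.resolve(relativePath).normalize();
            if (!candidate.startsWith(root)) {
                return Optional.empty();
            }
            // Only now touch the file system, so refused requests reveal nothing
            // about files outside the root. toRealPath() follows symlinks, so the
            // containment check is repeated on the real location.
            Path real = candidate.toRealPath();
            if (!real.startsWith(root) || !Files.isRegularFile(real)) {
                return Optional.empty();
            }
            // Check 2: the file type must be one that is allowed to be served.
            if (!ALLOWED_TYPES.contains(extensionOf(real))) {
                return Optional.empty();
            }
            return Optional.of(real);
        } catch (InvalidPathException | IOException e) {
            return Optional.empty();            // malformed or nonexistent path
        }
    }

    private static String extensionOf(Path p) {
        Path name = p.getFileName();
        if (name == null) {
            return "";
        }
        String s = name.toString();
        int dot = s.lastIndexOf('.');
        return dot < 0 ? "" : s.substring(dot + 1).toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/plugins/com.example.help.doc is the bundle root;
        // <tmp>/server.properties stands in for a file outside it.
        Path tmp = Files.createTempDirectory("help-demo");
        Path root = Files.createDirectories(
                tmp.resolve("plugins/com.example.help.doc/topics")).getParent();
        Files.writeString(root.resolve("topics/intro.html"), "<h1>Intro</h1>");
        Files.writeString(root.resolve("plugin.properties"), "name=demo");
        Files.writeString(tmp.resolve("server.properties"), "constructed-value");

        HelpResourceResolver resolver =
                new HelpResourceResolver(Map.of("com.example.help.doc", root));
        String[][] requests = {
            {"com.example.help.doc", "topics/intro.html"},       // inside root, allowed type
            {"com.example.help.doc", "../../server.properties"}, // leaves the bundle root
            {"com.example.help.doc", "plugin.properties"},       // inside root, disallowed type
            {"com.example.unknown", "topics/intro.html"},        // unregistered bundle
        };
        for (String[] req : requests) {
            String verdict = resolver.resolve(req[0], req[1]).isPresent() ? "serve" : "refuse";
            System.out.printf("%-22s %-26s -> %s%n", req[0], req[1], verdict);
        }
    }
}
```

Only the first constructed request is served; the other three are refused before any file content is read.
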
Solution Description
IBM has released a patch for this issue. The patch is available through APAR PM45322.
http://www-01.ibm.com/support/docview.wss?uid=swg21509257
Tested Systems / Software (with versions)
WebSphere Application Server Version 8.0
WebSphere Application Server Version 7.0
WebSphere Application Server Version 6.1
Vendor Contact
Vendor Name: IBM
Vendor Website: http://www-01.ibm.com/software/webservers/appserv/was/library/
\nfollowing vulnerabilities :\n\n - An open redirect vulnerability exists related to the\n 'logoutExitPage' parameter. This can allow remote\n attackers to trick users into requesting unintended\n URLs. (PM35701)\n\n - The administrative console can display a stack trace\n under unspecified circumstances and can disclose\n potentially sensitive information to local users.\n (PM36620)\n\n - An unspecified error exists that can allow cross-site \n request forgery attacks. (PM36734)\n\n - A token verification error exists in the bundled\n OpenSAML library. This error can allow an attacker to\n bypass security controls with an XML signature wrapping\n attack via SOAP messages. (PM43254)\n\n - A directory traversal attack is possible via unspecified\n parameters in the 'help' servlet. (PM45322)\n\n - The JavaServer Faces (JSF) application functionality \n could allow a remote attacker to read files because it\n fails to properly handle requests. (PM45992)\n\n - The HTTP server contains an error in the 'ByteRange'\n filter and can allow denial of service attacks when\n processing malicious requests. 
(PM46234)", "edition": 28, "published": "2011-09-30T00:00:00", "title": "IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1359", "CVE-2011-1368", "CVE-2011-1355", "CVE-2011-3192", "CVE-2011-1411", "CVE-2011-1356"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:ibm:websphere_application_server"], "id": "WEBSPHERE_8_0_0_1.NASL", "href": "https://www.tenable.com/plugins/nessus/56348", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(56348);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\n \"CVE-2011-1355\",\n \"CVE-2011-1356\",\n \"CVE-2011-1359\",\n \"CVE-2011-1368\",\n \"CVE-2011-1411\",\n \"CVE-2011-3192\"\n );\n script_bugtraq_id(48709, 48710, 48890, 49303, 49362, 49766, 50463);\n\n script_name(english:\"IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities\");\n script_summary(english:\"Reads the version number from the SOAP port\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote application server may be affected by multiple \nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be\nrunning on the remote host and is potentially affected by the \nfollowing vulnerabilities :\n\n - An open redirect vulnerability exists related to the\n 'logoutExitPage' parameter. This can allow remote\n attackers to trick users into requesting unintended\n URLs. (PM35701)\n\n - The administrative console can display a stack trace\n under unspecified circumstances and can disclose\n potentially sensitive information to local users.\n (PM36620)\n\n - An unspecified error exists that can allow cross-site \n request forgery attacks. 
(PM36734)\n\n - A token verification error exists in the bundled\n OpenSAML library. This error can allow an attacker to\n bypass security controls with an XML signature wrapping\n attack via SOAP messages. (PM43254)\n\n - A directory traversal attack is possible via unspecified\n parameters in the 'help' servlet. (PM45322)\n\n - The JavaServer Faces (JSF) application functionality \n could allow a remote attacker to read files because it\n fails to properly handle requests. (PM45992)\n\n - The HTTP server contains an error in the 'ByteRange'\n filter and can allow denial of service attacks when\n processing malicious requests. (PM46234)\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"https://www-01.ibm.com/support/docview.wss?uid=swg27022958\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www-01.ibm.com/support/docview.wss?uid=swg24030916\"\n );\n # PM46234\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21512087\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply Fix Pack 1 for version 8.0 (8.0.0.1) or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/a:ibm:websphere_application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"websphere_detect.nasl\");\n script_require_ports(\"Services/www\", 8880, 8881);\n script_require_keys(\"www/WebSphere\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\n\nport = get_http_port(default:8880, embedded:0);\n\n\nversion = get_kb_item(\"www/WebSphere/\"+port+\"/version\");\nif (isnull(version)) exit(1, \"Failed to extract the version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\nif (version =~ \"^[0-9]+(\\.[0-9]+)?$\")\n exit(1, \"Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port \" + port + \".\");\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 1)\n{\n if (report_verbosity > 0)\n {\n source = get_kb_item_or_exit(\"www/WebSphere/\"+port+\"/source\");\n\n report = \n '\\n Source : ' + source + \n '\\n Installed version : ' + version +\n '\\n Fixed version : 8.0.0.1' +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, \"The WebSphere Application Server \"+version+\" instance listening on port \"+port+\" is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "cvelist": ["CVE-2011-4136", "CVE-2011-1359", "CVE-2011-4074", "CVE-2011-4137", "CVE-2011-2773", "CVE-2011-4140", "CVE-2011-2772", "CVE-2011-4138", "CVE-2011-4075", "CVE-2011-2688", "CVE-2011-2771", "CVE-2011-4139"], "description": "PHP inclusions, SQL injections, 
directory traversals, cross-site scripting, information leaks, etc.", "edition": 1, "modified": "2011-11-06T00:00:00", "published": "2011-11-06T00:00:00", "id": "SECURITYVULNS:VULN:12022", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12022", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}