CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
EPSS
Percentile
96.5%
IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities :
A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship.
(CVE-2013-6323, PI04777 and PI04880)
A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309)
A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345)
A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661)
A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443)
A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program.
(CVE-2014-0050, PI12648, PI12926 and PI13162)
A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces.
(CVE-2014-0076, PI19700)
A denial of service flaw exists in the ‘mod_log_config’ when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028)
An information disclosure flaw exists in the ‘sun.security.rsa.RSAPadding’ with ‘PKCS#1’ unpadding.
This many allow a remote attacker to gain timing information intended to be protected by encryption.
(CVE-2014-0453)
A flaw exists with ‘com.sun.jndi.dns.DnsClient’ related to the randomization of query IDs. This could allow a remote attacker to conduct spoofing attacks.
(CVE-2014-0460)
A flaw exists in the Full and Liberty profiles. A remote attacker, using a specially crafted request, could gain access to arbitrary files. (CVE-2014-0823, PI05324)
An information disclosure flaw exists within the Administrative Console. This could allow a network attacker, using a specially crafted request, to gain privileged access. (CVE-2014-0857, PI07808)
A denial of service flaw exists in a web server plugin on servers configured to retry failed POST request. This could allow a remote attacker to crash the application.
(CVE-2014-0859, PI08892)
An information disclosure flaw exists within Proxy and ODR servers. This could allow a remote attacker, using a specially crafted request, to gain access to potentially sensitive information. (CVE-2014-0891, PI09786)
A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component.
This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025)
An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information.
(CVE-2014-0965, PI11434)
An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information.
(CVE-2014-3022, PI09594)
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(76995);
script_version("1.10");
script_cvs_date("Date: 2019/11/25");
script_cve_id(
"CVE-2013-6323",
"CVE-2013-6329",
"CVE-2013-6438",
"CVE-2013-6738",
"CVE-2013-6747",
"CVE-2014-0050",
"CVE-2014-0076",
"CVE-2014-0098",
"CVE-2014-0453",
"CVE-2014-0460",
"CVE-2014-0823",
"CVE-2014-0857",
"CVE-2014-0859",
"CVE-2014-0878",
"CVE-2014-0891",
"CVE-2014-0963",
"CVE-2014-0965",
"CVE-2014-3022"
);
script_bugtraq_id(
64249,
65156,
65400,
66303,
66914,
66916,
67051,
67238,
67327,
67329,
67335,
67579,
67601,
67720,
68210,
68211
);
script_name(english:"IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities");
script_summary(english:"Reads the version number from the SOAP port.");
script_set_attribute(attribute:"synopsis", value:
"The remote application server is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on
the remote host. It is, therefore, affected by the following
vulnerabilities :
- A cross-site scripting flaw exists within the
Administration Console, where user input is improperly
validated. This could allow a remote attacker, with a
specially crafted request, to execute arbitrary script
code within the browser / server trust relationship.
(CVE-2013-6323, PI04777 and PI04880)
- A denial of service flaw exists within the Global
Security Kit when handling SSLv2 resumption during the
SSL/TLS handshake. This could allow a remote attacker
to crash the program. (CVE-2013-6329, PI05309)
- A buffer overflow flaw exists in the HTTP server with
the mod_dav module when using add-ons. This could allow
a remote attacker to cause a buffer overflow and a
denial of service. (CVE-2013-6438, PI09345)
- A cross-site scripting flaw exists within OAuth where
user input is not properly validated. This could allow
a remote attacker, with a specially crafted request, to
execute arbitrary script code within the browser /
server trust relationship. (CVE-2013-6738, PI05661)
- A denial of service flaw exists within the Global
Security Kit when handling X.509 certificate chain
during the initiation of a SSL/TLS connection. A remote
attacker, using a malformed certificate chain, could
cause the client or server to crash by hanging the
Global Security Kit. (CVE-2013-6747, PI09443)
- A denial of service flaw exists within the Apache
Commons FileUpload when parsing a content-type header
for a multipart request. A remote attacker, using a
specially crafted request, could crash the program.
(CVE-2014-0050, PI12648, PI12926 and PI13162)
- A flaw exists in the Elliptic Curve Digital Signature
Algorithm implementation which could allow a malicious
process to recover ECDSA nonces.
(CVE-2014-0076, PI19700)
- A denial of service flaw exists in the 'mod_log_config'
when logging a cookie with an unassigned value. A remote
attacker, using a specially crafted request, can cause
the program to crash. (CVE-2014-0098, PI13028)
- An information disclosure flaw exists in the
'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding.
This many allow a remote attacker to gain timing
information intended to be protected by encryption.
(CVE-2014-0453)
- A flaw exists with 'com.sun.jndi.dns.DnsClient' related
to the randomization of query IDs. This could allow a
remote attacker to conduct spoofing attacks.
(CVE-2014-0460)
- A flaw exists in the Full and Liberty profiles. A remote
attacker, using a specially crafted request, could gain
access to arbitrary files. (CVE-2014-0823, PI05324)
- An information disclosure flaw exists within the
Administrative Console. This could allow a network
attacker, using a specially crafted request, to gain
privileged access. (CVE-2014-0857, PI07808)
- A denial of service flaw exists in a web server plugin
on servers configured to retry failed POST request. This
could allow a remote attacker to crash the application.
(CVE-2014-0859, PI08892)
- An information disclosure flaw exists within Proxy and
ODR servers. This could allow a remote attacker, using a
specially crafted request, to gain access to potentially
sensitive information. (CVE-2014-0891, PI09786)
- A denial of service flaw exists within the IBM Security
Access Manager for Web with the Reverse Proxy component.
This could allow a remote attacker, using specially
crafted TLS traffic, to cause the application on the
system to become unresponsive. (CVE-2014-0963, PI17025)
- An information disclosure flaw exists when handling SOAP
responses. This could allow a remote attacker to
potentially gain access to sensitive information.
(CVE-2014-0965, PI11434)
- An information disclosure flaw exists. A remote
attacker, using a specially crafted URL, could gain
access to potentially sensitive information.
(CVE-2014-3022, PI09594)");
script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21676092");
script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21659548");
script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21663941");
script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21667254");
script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21667526");
script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21672843");
script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21673013");
script_set_attribute(attribute:"solution", value:
"Apply Fix Pack 9 for version 8.0 (8.0.0.9) or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0050");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/01");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/04");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("websphere_detect.nasl");
script_require_keys("www/WebSphere");
script_require_ports("Services/www", 8880, 8881);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
port = get_http_port(default:8880, embedded:0);
version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
if (version !~ "^8\.0([^0-9]|$)") audit(AUDIT_NOT_LISTEN, "IBM WebSphere Application Server 8.0", port);
if (version =~ "^[0-9]+(\.[0-9]+)?$") audit(AUDIT_VER_NOT_GRANULAR, "IBM WebSphere Application Server", port, version);
ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
ver[i] = int(ver[i]);
if (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 9)
{
set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
if (report_verbosity > 0)
{
source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
report =
'\n Version source : ' + source +
'\n Installed version : ' + version +
'\n Fixed version : 8.0.0.9' +
'\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
exit(0);
}
else audit(AUDIT_LISTEN_NOT_VULN, "IBM WebSphere Application Server", port, version);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6323
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6329
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6738
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6747
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0823
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0878
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3022
www-304.ibm.com/support/docview.wss?uid=swg21659548
www-304.ibm.com/support/docview.wss?uid=swg21663941
www-304.ibm.com/support/docview.wss?uid=swg21667254
www-304.ibm.com/support/docview.wss?uid=swg21667526
www-304.ibm.com/support/docview.wss?uid=swg21672843
www-304.ibm.com/support/docview.wss?uid=swg21673013
www-304.ibm.com/support/docview.wss?uid=swg21676092