5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
69.8%
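The IBM HTTP Server running on the remote host is version 6.0 prior to or equal to 6.0.2.43, 6.1 prior to or equal to 6.1.0.47, 7.0 prior to 7.0.0.39, 8.0 prior to 8.0.0.11, or 8.5 prior to 8.5.5.7. It is, therefore, affected by a flaw in the Apache Portable Runtime (APR) that is triggered when an APR application uses APR named pipe support on Windows. A local attacker can exploit this to conduct a pipe squatting attack from a local process. Note that the plugin below infers exposure from the reported version number alone and runs only when paranoid reporting is enabled; it does not confirm that the host runs Windows or that Interim Fix PI39833 is absent, so a finding should be verified on the host.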
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
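# Plugin registration. When the scanner loads the script with `description`
# set, only the metadata below is recorded and the script exits before any
# check against the target is made.
if (description)
{
  script_id(86019);
  script_version("1.3");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  # One CVE / one Bugtraq ID: this plugin covers a single issue.
  script_cve_id("CVE-2015-1829");
  script_bugtraq_id(75164);

  script_name(english:"IBM HTTP Server 6.0 <= 6.0.2.43 (FP43) / 6.1 <= 6.1.0.47 (FP47) / 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.11 (FP11) / 8.5 < 8.5.5.7 (FP7) Named Pipe DoS");
  script_summary(english:"Reads the version number from the SOAP port.");

  # The synopsis previously read "multiple vulnerabilities", which did not
  # match the single CVE and the "Named Pipe DoS" plugin name above.
  script_set_attribute(attribute:"synopsis", value:
"The remote IBM HTTP Server is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The IBM HTTP Server running on the remote host is version 6.0 prior to
or equal to 6.0.2.43, 6.1 prior to or equal to 6.1.0.47, 7.0 prior to
7.0.0.39, 8.0 prior to 8.0.0.11, or 8.5 prior to 8.5.5.7. It is,
therefore, affected by a flaw in the Apache Portable Runtime (APR)
that is triggered when an APR application is using APR named pipe
support on Windows. A local attacker can exploit this to conduct a
pipe squatting attack from a local process.");
  # CVE-2015-1829 / PI39833
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21959081");
  script_set_attribute(attribute:"solution", value:
"Apply IBM 7.0 Fix Pack 39 (7.0.0.39) / 8.0 Fix Pack 11 (8.0.0.11) /
8.5 Fix Pack 7 (8.5.5.7) or later. Alternatively, apply the Interim
Fixes as recommended in the vendor advisory.
In the case of the 6.0 branch, apply IBM 6.0 Fix Pack 43 (6.0.2.43)
and then apply Interim Fix PI39833.
In the case of the 6.1 branch, apply IBM 6.1 Fix Pack 47 (6.1.0.47)
and then apply Interim Fixes PI39833.");

  # NOTE(review): the base vector is network / unauthenticated (AV:N, Au:N)
  # while the description speaks of a local attacker on Windows. The vector
  # is kept as published; weigh the local precondition when prioritising.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/18");

  # Marked as a potential finding: the check is version-based only and is
  # gated on paranoid reporting (see script_require_keys below).
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:http_server");
  script_end_attributes();

  # Information gathering only.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");

  # Runs after WebSphere detection and only when its KB entry exists and
  # paranoid reporting is switched on.
  script_dependencies("websphere_detect.nasl");
  script_require_ports("Services/www", 8880, 8881);
  script_require_keys("www/WebSphere", "Settings/ParanoidReport");

  exit(0);
}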
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
# The result rests on a version string alone, so the check only runs when
# paranoid reporting has been requested.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

app_name = "IBM WebSphere Application Server";
port = get_http_port(default:8880, embedded:0);

# Version and its source are read from the knowledge base for this port.
# NOTE(review): presumably populated by websphere_detect.nasl; the values
# cannot show whether an interim fix is installed or which OS the host runs.
kb_prefix = "www/WebSphere/" + port + "/";
version = get_kb_item_or_exit(kb_prefix + "version");
source = get_kb_item_or_exit(kb_prefix + "source");

# A bare "N" or "N.N" is too coarse to compare against a fix-pack level.
if (version =~ "^[0-9]+(\.[0-9]+)?$")
  audit(AUDIT_VER_NOT_GRANULAR, app_name, port, version);
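# Per-branch fix data for CVE-2015-1829. These variables are read by the
# comparison and report code that follows this section.
fix  = FALSE;      # Fixed version for compare
min  = FALSE;      # Min version for branch
pck  = FALSE;      # Fix pack name (tacked onto fix in report)
itr  = "PI39833";  # Required interim fixes
vuln = FALSE;      # Flag for branches requiring <= checks

# 8.5, 8.0 and 7.0: affected when strictly below the listed fix pack.
if (version =~ "^8\.5\.")
{
  fix = '8.5.5.7';
  min = '8.5.0.0';
  pck = " (Fix Pack 7)";
}
else if (version =~ "^8\.0\.")
{
  fix = '8.0.0.11';
  min = '8.0.0.0';
  pck = " (Fix Pack 11)";
}
else if (version =~ "^7\.0\.")
{
  fix = '7.0.0.39';
  min = '7.0.0.0';
  pck = " (Fix Pack 39) Available 2015/11/02";
}
# 6.1 and 6.0: the last fix pack is itself affected, so the comparison is
# "<=" and the remedy is that fix pack plus the interim fix. Versions above
# the last fix pack leave fix/min unset and are not reported.
# V6.1.0.0 through 6.1.0.47 (without PI39833)
else if (version =~ "^6\.1\.")
{
  if (ver_compare(ver:version, fix:'6.1.0.47', strict:FALSE) <= 0)
  {
    fix = '6.1.0.47';
    min = '6.1.0.0';
    # Was "plus PI45596", which contradicted the interim fix named in `itr`,
    # in the branch comment above and in the plugin's solution text.
    pck = " (Fix Pack 47) plus PI39833";
    vuln = TRUE;
  }
}
# V6.0.0.0 through 6.0.2.43 (without PI39833)
else if (version =~ "^6\.0\.")
{
  if (ver_compare(ver:version, fix:'6.0.2.43', strict:FALSE) <= 0)
  {
    fix = '6.0.2.43';
    min = '6.0.0.0';
    pck = " (Fix Pack 43) plus PI39833";
    vuln = TRUE;
  }
}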
# Decide whether the detected version is affected: either a "<=" branch
# already set the flag, or the version lies in [min, fix) for its branch.
affected = vuln;
if (!affected && fix && min)
{
  if (
    ver_compare(ver:version, fix:fix, strict:FALSE) < 0 &&
    ver_compare(ver:version, fix:min, strict:FALSE) >= 0
  )
    affected = TRUE;
}

# Not affected: record the audit trail and stop.
if (!affected) audit(AUDIT_LISTEN_NOT_VULN, app_name, port, version);

# Terse mode reports the port only.
if (report_verbosity <= 0)
{
  security_warning(port);
  exit(0);
}

# Verbose mode adds where the version came from and what to install.
report =
  '\n Version source : ' + source +
  '\n Installed version : ' + version +
  '\n Fixed version : ' + fix + pck +
  '\n Interim fixes : ' + itr +
  '\n';
security_warning(port:port, extra:report);
exit(0);
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | websphere_application_server | | cpe:/a:ibm:websphere_application_server |
ibm | http_server | | cpe:/a:ibm:http_server |