IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors.

The remote host is running IBM WebSphere Application Server version 8.0 prior to Fix Pack 10. It is, therefore, affected by the following vulnerabilities :

  - Multiple errors exist related to the included IBM HTTP     server that can allow remote code execution or denial     of service. (CVE-2013-5704, CVE-2014-0118,     CVE-2014-0226, CVE-2014-0231 / PI22070)

  - An error exists related to the implementation of the     Elliptic Curve Digital Signature Algorithm (ECDSA) that     could allow nonce disclosure via the 'FLUSH+RELOAD'     cache side-channel attack. (CVE-2014-0076 / PI19700)

  - An unspecified error exists related to HTTP headers that     can allow information disclosure. (CVE-2014-3021 /     PI08268)

  - An unspecified error caused by improper account creation     with the Virtual Member Manager SPI Admin Task     'addFileRegistryAccount' can allow remote attackers to     bypass security restrictions. (CVE-2014-3070 / PI16765)

  - An information disclosure vulnerability exists due to a     failure to restrict access to resources located within     the web application. A remote attacker can exploit this     to obtain configuration data and other sensitive     information. (CVE-2014-3083 / PI17768, PI30579 )

  - A man-in-the-middle (MitM) information disclosure     vulnerability known as POODLE. The vulnerability is due     to the way SSL 3.0 handles padding bytes when decrypting     messages encrypted using block ciphers in cipher block     chaining (CBC) mode. MitM attackers can decrypt a     selected byte of a cipher text in as few as 256 tries if     they are able to force a victim application to     repeatedly send the same data over newly created SSL 3.0     connections. (CVE-2014-3566 / PI28435, PI28436, PI28437)

  - An unspecified flaw in the Load Balancer for IPv4     Dispatcher component allows a remote attacker to cause     a denial of service. (CVE-2014-4764 / PI21189)

  - An unspecified input validation error exists related to     the administrative console that can allow cross-site     scripting and cross-site request forgery attacks.
    (CVE-2014-4770, CVE-2014-4816 / PI23055)

  - An error exists related to the Communications Enabled     Applications (CEA) service that can allow XML External     Entity Injection (XXE) attacks leading to information     disclosure. This only occurs if CEA is enabled, and by     default this is disabled. (CVE-2014-6166 / PI25310)

  - An input validation error exists related to session     input using URL rewriting that can allow cross-site     scripting attacks. (CVE-2014-6167 / PI23819)

  - An error exists related to the administrative console     that can allow click-jacking attacks. (CVE-2014-6174 /     PI27152)

The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the     Apache Struts ClassLoader. A remote attacker can exploit     this issue by manipulating the 'class' parameter of an     ActionForm object to execute arbitrary code.
    (CVE-2014-0114)

  - A cross-site scripting vulnerability exists which allows     a remote, authenticated attacker to inject arbitrary     web script or HTML. (CVE-2014-0910)

  - An unspecified denial of service vulnerability exists     that allows a remote attacker to crash the host by     sending a specially crafted web request to cause a     consumption of resources. (CVE-2014-0949)

  - A cross-site scripting vulnerability exists in the     'boot_config.jsp' script due to improper validation of     user-supplied input. An attacker can exploit this issue     to execute arbitrary script code in the security context     of a user's browser to steal authentication cookies.
    (CVE-2014-0952)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input.
    (CVE-2014-0953)

  - A privilege escalation vulnerability exists in the Web     Content Viewer portlet due to improper handling of JSP     includes. A remote attacker can exploit this issue to     obtain sensitive information, cause a denial of service,     or control the request dispatcher by sending a specially     crafted URL request. (CVE-2014-0954)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input. An     attacker can exploit this issue to execute arbitrary     script code in the security context of a user's web     browser to steal authentication cookies. (CVE-2014-0956)

  - An unspecified denial of service vulnerability exists     that allows an authenticated attacker to cause a     successful login to loop back to the login page     indefinitely. (CVE-2014-0959)

  - An unspecified information disclosure vulnerability     exists which allows a remote attacker to gain access to     sensitive information. (CVE-2014-3083)

  - An unspecified cross-site scripting vulnerability     exists due to improper validation of user-supplied     input. An attacker can exploit this issue to execute     arbitrary script code in the security context of a     user's browser. (CVE-2014-3102)

  - An information disclosure vulnerability exists due to     the returned error codes which an attacker can use to     identify devices behind a firewall. (CVE-2014-4746)

  - An unspecified open redirect vulnerability exists that     allows an attacker to perform a phishing attack by     enticing a user to click on a malicious URL.
    (CVE-2014-4760)

  - An information disclosure vulnerability exists which     allows a remote, authenticated attacker to gain access     to sensitive information, such as user credentials,     through certain HTML pages. (CVE-2014-4761)

  - An unrestricted file upload vulnerability exists which     allows a remote, authenticated attacker to upload large     files, potentially resulting in a denial of service.
    (CVE-2014-4792)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during     entity expansion. A remote attacker, via a specially     crafted XML document, can cause the system to crash,     resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - An unspecified cross-site scripting vulnerability exists     that allows a remote, authenticated attacker to execute     arbitrary code via a specially crafted URL.
    (CVE-2014-6093)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-6215)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-8909)

  - An unspecified flaw exists that is trigged when handling     Portal requests. A remote attacker can exploit this to     cause a consumption of CPU resources, resulting in a     denial of service condition. (CVE-2015-1943)

The version of IBM WebSphere Portal on the remote host is affected by an unspecified information disclosure vulnerability which allows a remote attacker to gain access to sensitive information.

The version of IBM WebSphere Portal installed on the remote host is affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the     Apache Struts ClassLoader. A remote attacker can exploit     this issue by manipulating the 'class' parameter of an     ActionForm object to execute arbitrary code.
    (CVE-2014-0114)

  - An unspecified information disclosure vulnerability     exists which allows a remote attacker to gain access to     sensitive information. (CVE-2014-3083)

  - An information disclosure vulnerability exists which     allows a remote, authenticated attacker to gain access     to sensitive information, such as user credentials,     through certain HTML pages. (CVE-2014-4761)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user input. This can be     exploited by a remote, authenticated attacker to execute     code in the security context of a user's browser.
    (CVE-2014-4762)

  - An unrestricted file upload vulnerability exists which     allows a remote, authenticated attacker to upload large     files, potentially resulting in a denial of service.
    (CVE-2014-4792)

  - An unspecified cross-site scripting vulnerability exists     that allows remote, authenticated attackers to execute     arbitrary code via a specially crafted URL.
    (CVE-2014-6093)

The version of IBM WebSphere Portal installed on the remote host is affected by multiple vulnerabilities :

  - An unspecified information disclosure vulnerability     exists which allows a remote attacker to gain access to     sensitive information. (CVE-2014-3083)

  - An information disclosure vulnerability exists which     allows a remote, authenticated attacker to gain access     to sensitive information, such as user credentials,     through certain HTML pages. (CVE-2014-4761)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user input.
    (CVE-2014-4762)

  - An unrestricted file upload vulnerability exists which     allows a remote, authenticated attacker to upload large     files, potentially resulting in a denial of service.
    (CVE-2014-4792)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user input.
    (CVE-2014-4762)

The remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities :

  - Multiple errors exist related to the included IBM HTTP     server that could allow remote code execution or denial     of service. (CVE-2013-5704, CVE-2014-0118,     CVE-2014-0226, CVE-2014-0231 / PI22070)

  - An error exists related to HTTP header handling that     could allow the disclosure of sensitive information.
    (CVE-2014-3021 / PI08268)

  - An unspecified error exists that could allow the     disclosure of sensitive information.
    (CVE-2014-3083 / PI17768)

  - An unspecified input-validation errors exist related to     the 'Admin Console' that could allow cross-site     scripting and cross-site request forgery attacks.
    (CVE-2014-4770, CVE-2014-4816 / PI23055)

The remote host appears to be running IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.3. It is, therefore, affected by the following vulnerabilities :

  - A flaw exists in the Elliptic Curve Digital Signature     Algorithm implementation which could allow a malicious     process to recover ECDSA nonces.
    (CVE-2014-0076, PI19700)

  - A denial of service flaw exists in the 'mod_log_config'     when logging a cookie with an unassigned value. A remote     attacker, using a specially crafted request, can cause     the program to crash. (CVE-2014-0098, PI13028)

  - A denial of service flaw exists within the IBM Security     Access Manager for Web with the Reverse Proxy component.
    This could allow a remote attacker, using specially     crafted TLS traffic, to cause the application on the     system to become unresponsive. (CVE-2014-0963, PI17025)

  - An information disclosure flaw exists when handling SOAP     responses. This could allow a remote attacker to     potentially gain access to sensitive information.
    (CVE-2014-0965, PI11434)

  - An information disclosure flaw exists. A remote     attacker, using a specially crafted URL, could gain     access to potentially sensitive information.
    (CVE-2014-3022, PI09594)

  - A flaw exists within the 'addFileRegistryAccount'     Virtual Member Manager SPI Admin Task, which creates     improper accounts. This could allow a remote attacker     to bypass security checks. (CVE-2014-3070, PI16765)

  - An unspecified information disclosure flaw exists. This     could allow a remote attacker access to gain sensitive     information. (CVE-2014-3083, PI17768)

  - An information disclosure flaw exists within the     'share/classes/sun/security/rsa/RSACore.java' class     related to 'RSA blinding' caused during operations using     private keys and measuring timing differences. This     could allow a remote attacker to gain information about     used keys. (CVE-2014-4244)

  - A flaw exists within the 'validateDHPublicKey' function     in the 'share/classes/sun/security/util/KeyUtil.java'     class which is triggered during the validation of     Diffie-Hellman public key parameters. This could allow a     remote attacker to recover a key. (CVE-2014-4263)

  - A flaw exists within the Load Balancer for IPv4     Dispatcher component. This could allow a remote attacker     to crash the Load Balancer. (CVE-2014-4764, PI21189)

  - A flaw exists within the Liberty Repository when     installing features. This could allow an authenticated     remote attacker to install and execute arbitrary code.
    (CVE-2014-4767, PI21284)

ID	Name	Product	Family	Severity
81401	IBM WebSphere Application Server 8.0 < Fix Pack 10 Multiple Vulnerabilities (POODLE)	Nessus	Web Servers	medium
79691	IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities	Nessus	CGI abuses	high
79217	IBM WebSphere Portal Unspecified Information Disclosure (PI17768)	Nessus	Windows	medium
79216	IBM WebSphere Portal 8.5.0 < 8.5.0 CF02 Multiple Vulnerabilities	Nessus	CGI abuses	high
78741	IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF14 Multiple Vulnerabilities	Nessus	CGI abuses	medium
78604	IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities	Nessus	Web Servers	medium
77438	IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.3 Multiple Vulnerabilities	Nessus	Web Servers	medium

Detections

Analytics

CVE-2014-3083

high

Tenable Plugins

medium

high

medium

high

medium

medium

medium