IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities

high Nessus Plugin ID 76995

Synopsis

The remote application server is affected by multiple vulnerabilities.

Description

IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities :

- A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship.
(CVE-2013-6323, PI04777 and PI04880)

- A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309)

- A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345)

- A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661)

- A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443)

- A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program.
(CVE-2014-0050, PI12648, PI12926 and PI13162)

- A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces.
(CVE-2014-0076, PI19700)

- A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028)

- An information disclosure flaw exists in the 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding.
This many allow a remote attacker to gain timing information intended to be protected by encryption.
(CVE-2014-0453)

- A flaw exists with 'com.sun.jndi.dns.DnsClient' related to the randomization of query IDs. This could allow a remote attacker to conduct spoofing attacks.
(CVE-2014-0460)

- A flaw exists in the Full and Liberty profiles. A remote attacker, using a specially crafted request, could gain access to arbitrary files. (CVE-2014-0823, PI05324)

- An information disclosure flaw exists within the Administrative Console. This could allow a network attacker, using a specially crafted request, to gain privileged access. (CVE-2014-0857, PI07808)

- A denial of service flaw exists in a web server plugin on servers configured to retry failed POST request. This could allow a remote attacker to crash the application.
(CVE-2014-0859, PI08892)

- An information disclosure flaw exists within Proxy and ODR servers. This could allow a remote attacker, using a specially crafted request, to gain access to potentially sensitive information. (CVE-2014-0891, PI09786)

- A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component.
This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025)

- An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information.
(CVE-2014-0965, PI11434)

- An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information.
(CVE-2014-3022, PI09594)

Solution

Apply Fix Pack 9 for version 8.0 (8.0.0.9) or later.

See Also

https://www-304.ibm.com/support/docview.wss?uid=swg21676092

https://www-304.ibm.com/support/docview.wss?uid=swg21659548

https://www-304.ibm.com/support/docview.wss?uid=swg21663941

https://www-304.ibm.com/support/docview.wss?uid=swg21667254

https://www-304.ibm.com/support/docview.wss?uid=swg21667526

https://www-304.ibm.com/support/docview.wss?uid=swg21672843

https://www-304.ibm.com/support/docview.wss?uid=swg21673013

Plugin Details

Severity: High

ID: 76995

File Name: websphere_8_0_0_9.nasl

Version: 1.10

Type: remote

Family: Web Servers

Published: 8/4/2014

Updated: 11/25/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2014-0050

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/23/2014

Vulnerability Publication Date: 5/1/2014

Reference Information

CVE: CVE-2013-6323, CVE-2013-6329, CVE-2013-6438, CVE-2013-6738, CVE-2013-6747, CVE-2014-0050, CVE-2014-0076, CVE-2014-0098, CVE-2014-0453, CVE-2014-0460, CVE-2014-0823, CVE-2014-0857, CVE-2014-0859, CVE-2014-0878, CVE-2014-0891, CVE-2014-0963, CVE-2014-0965, CVE-2014-3022

BID: 64249, 65156, 65400, 66303, 66914, 66916, 67051, 67238, 67327, 67329, 67335, 67579, 67601, 67720, 68210, 68211

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990