Vulnerabilities > CVE-2010-0781 - Unspecified vulnerability in IBM Websphere Application Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ibm
nessus

Summary

Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL.

Nessus

  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_13.NASL
    descriptionIBM WebSphere Application Server 7.0 before Fix Pack 13 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities : - A cross-site scripting vulnerability exists in the administrative console due to improper filtering on input values. (PM14251) - A cross-site scripting vulnerability exists in the Integrated Solution Console due to improper filtering on input values. (PM11777) - An unspecified cross-site request forgery vulnerability exists in the administrative console for WebSphere Application Server. (PM18909) - An unspecified cross-site scripting vulnerability exists in the administrative console for WebSphere Application Server for z/OS. (PM17046) - An error exists in JAX-WS WS-Security, which mishandles timestamps in the WS-SecurityPolicy specification. (PM16014) - An error exists in the JAX-WS API, which allows an attacker to cause a denial of service by sending a specially crafted JAX-WS request. The server will begin sending corrupt data to its clients. (PM13777) - Apache Axis2/Java, used by WebSphere, is vulnerable to denial of service and information disclosure attacks due to an error in its XML DTD handling processes. (PM14844) - An unspecified error exists in the administration console that can cause high CPU usage and denial of service when specially crafted URLs are requested. (PM11807)
    last seen2020-06-01
    modified2020-06-02
    plugin id50561
    published2010-11-11
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50561
    titleIBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(50561);
      script_version("1.14");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id(
        "CVE-2010-0781",
        "CVE-2010-0783",
        "CVE-2010-0784",
        "CVE-2010-0785",
        "CVE-2010-0786",
        "CVE-2010-1632",
        "CVE-2010-3186",
        "CVE-2010-4220"
      );
      script_bugtraq_id(
        40976,
        42801,
        43425,
        43874,
        43875,
        44670,
        44862,
        44875
      );
      script_xref(name:"Secunia", value:"40252");
      script_xref(name:"Secunia", value:"40279");
      script_xref(name:"Secunia", value:"41173");
      script_xref(name:"Secunia", value:"41722");
      script_xref(name:"Secunia", value:"42136");
    
      script_name(english:"IBM WebSphere Application Server 7.0 < Fix Pack 13 Multiple Vulnerabilities");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote application server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "IBM WebSphere Application Server 7.0 before Fix Pack 13 appears to be
    running on the remote host.  As such, it is reportedly affected by the
    following vulnerabilities :
    
      - A cross-site scripting vulnerability exists in the
        administrative console due to improper filtering on
        input values. (PM14251)
    
      - A cross-site scripting vulnerability exists in the
        Integrated Solution Console due to improper filtering on
        input values. (PM11777)
    
      - An unspecified cross-site request forgery vulnerability
        exists in the administrative console for WebSphere
        Application Server. (PM18909)
    
      - An unspecified cross-site scripting vulnerability
        exists in the administrative console for WebSphere
        Application Server for z/OS. (PM17046)
    
      - An error exists in JAX-WS WS-Security, which mishandles
        timestamps in the WS-SecurityPolicy specification.
        (PM16014)
    
      - An error exists in the JAX-WS API, which allows an
        attacker to cause a denial of service by sending a
        specially crafted JAX-WS request. The server will begin
        sending corrupt data to its clients. (PM13777)
    
      - Apache Axis2/Java, used by WebSphere, is vulnerable to
        denial of service and information disclosure attacks due
        to an error in its XML DTD handling processes. (PM14844)
    
      - An unspecified error exists in the administration
        console that can cause high CPU usage and denial of
        service when specially crafted URLs are requested.
        (PM11807)");
    
      script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg21404665");
      script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg27009778");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27014463#70013");
      script_set_attribute(attribute:"see_also", value:"https://issues.apache.org/jira/browse/AXIS2-4450");
      script_set_attribute(attribute:"solution", value:
    "If using WebSphere Application Server, apply Fix Pack 13 (7.0.0.13) or
    later. 
    
    Otherwise, if using embedded WebSphere Application Server packaged with
    Tivoli Directory Server, apply the latest recommended eWAS fix pack.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Apache Axis2 File Disclosure");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/11/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/11");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_ports("Services/www", 8880, 8881);
      script_require_keys("www/WebSphere");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:8880, embedded:0);
    
    
    version = get_kb_item("www/WebSphere/"+port+"/version");
    if (isnull(version)) exit(1, "Failed to extract the version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 13)
    {
      set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
    
      if (report_verbosity > 0)
      {
        source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    
        report =
          '\n  Source            : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 7.0.0.13' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else exit(0, "The WebSphere Application Server "+version+" instance listening on port "+port+" is not affected.");
    
  • NASL familyWeb Servers
    NASL idWEBSPHERE_6_1_0_33.NASL
    descriptionIBM WebSphere Application Server 6.1 before Fix Pack 33 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability exists in the Administration Console. (PM09250, PM11778) - An unspecified error exists when a Java API for XML Web Services (JAX-WS) application with the WS-Security policy specifies a Time Stamp value. (PM16014 / PM08360) - Sensitive information is stored by
    last seen2020-06-01
    modified2020-06-02
    plugin id49691
    published2010-09-28
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49691
    titleIBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities
    code
    
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49691);
      script_version("1.8");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id(
        "CVE-2010-0778",
        "CVE-2010-0779",
        "CVE-2010-0781",
        "CVE-2010-3186"
      );
      script_bugtraq_id(41148, 41149, 42801, 43425);
      script_xref(name:"Secunia", value:"41173");
    
      script_name(english:"IBM WebSphere Application Server 6.1 < 6.1.0.33 Multiple Vulnerabilities");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote application server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "IBM WebSphere Application Server 6.1 before Fix Pack 33 appears to be
    running on the remote host.  As such, it is reportedly affected by
    multiple vulnerabilities :
    
      - An unspecified cross-site scripting vulnerability
        exists in the Administration Console. (PM09250,
        PM11778)
    
      - An unspecified error exists when a Java API for XML Web
        Services (JAX-WS) application with the WS-Security policy
        specifies a Time Stamp value. (PM16014 / PM08360)
    
      - Sensitive information is stored by
        'ceiDbPasswordDefaulter' in the
        '<WAS_HOME>/logs/managedprofiles/*_create.log file.
        (PM12065)
    
      - When security tracing is enabled, it is possible for a
        NullPointerException to be thrown when calling a
        logout on a LoginContext. (PM02636)");
    
      script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg21404665");
      script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg27009778");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1PM02636");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21443736");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1PM12065");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61033");
      script_set_attribute(attribute:"solution", value:
    "If using WebSphere Application Server, apply Fix Pack 33 (6.1.0.33) or
    later. 
    
    Otherwise, if using embedded WebSphere Application Server packaged with
    Tivoli Directory Server, apply the latest recommended eWAS fix pack.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/28");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_ports("Services/www", 8880, 8881);
      script_require_keys("www/WebSphere");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:8880, embedded: 0);
    
    
    version = get_kb_item("www/WebSphere/"+port+"/version");
    if (isnull(version)) exit(1, "Failed to extract the version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 33)
    {
      if (report_verbosity > 0)
      {
        source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    
        report =
          '\n  Source            : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 6.1.0.33' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else exit(0, "The WebSphere Application Server "+version+" instance listening on port "+port+" is not affected.");