Vulnerabilities > CVE-2011-1209 - Cryptographic Issues vulnerability in IBM Websphere Application Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ibm
CWE-310
nessus

Summary

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request via unspecified vectors related to a "decryption attack."

Vulnerable Configurations

Part Description Count
Application
Ibm
46

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_17.NASL
    descriptionIBM WebSphere Application Server 7.0 before Fix Pack 17 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. (PM34841) - A remote attacker can gain unspecified application access on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used. (PM35480) Note that the fix for PM34841 is not enabled by default in order to maintain application compatibility with respect to SOAPFaults. To enable it, it is necessary to set the
    last seen2020-06-01
    modified2020-06-02
    plugin id55169
    published2011-06-17
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55169
    titleIBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(55169);
      script_version("1.10");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2011-1209", "CVE-2011-1683");
      script_bugtraq_id(47122, 47831);
    
      script_name(english:"IBM WebSphere Application Server 7.0 < Fix Pack 17 Multiple Vulnerabilities");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote application server may be affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "IBM WebSphere Application Server 7.0 before Fix Pack 17 appears to be
    running on the remote host.  As such, it is potentially affected by
    the following vulnerabilities :
    
      - Use of an insecure XML encryption algorithm could allow
        for decryption of JAX-RPC or JAX-WS Web Services
        requests. (PM34841)
    
      - A remote attacker can gain unspecified application access
        on z/OS, when a Local OS user registry or Federated
        Repository with RACF adapter is used. (PM35480)
    
    Note that the fix for PM34841 is not enabled by default in order to
    maintain application compatibility with respect to SOAPFaults.  To
    enable it, it is necessary to set the 'webservices.unify.faults=true'
    JVM custom property once the update has been installed."
      );
      script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg21404665");
      script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg27009778");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24029632");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21473989");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27014463#70017");
      script_set_attribute(attribute:"solution", value:
    "If using WebSphere Application Server, apply Fix Pack 17 (7.0.0.17) or
    later. 
    
    Otherwise, if using embedded WebSphere Application Server packaged with
    Tivoli Directory Server, apply the latest recommended eWAS fix pack.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/05/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/17");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_ports("Services/www", 8880, 8881);
      script_require_keys("www/WebSphere");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
    port = get_http_port(default:8880, embedded:0);
    
    
    version = get_kb_item("www/WebSphere/"+port+"/version");
    if (isnull(version)) exit(1, "Failed to extract the version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 17)
    {
      if (report_verbosity > 0)
      {
        source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    
        report =
          '\n  Source            : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 7.0.0.17' +
          '\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else exit(0, "The WebSphere Application Server "+version+" instance listening on port "+port+" is not affected.");
    
  • NASL familyWeb Servers
    NASL idWEBSPHERE_6_1_0_39.NASL
    descriptionIBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. (PM34841) - An error exists in the validation of the
    last seen2020-06-01
    modified2020-06-02
    plugin id55649
    published2011-07-22
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55649
    titleIBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(55649);
      script_version("1.6");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2011-1209", "CVE-2011-1355", "CVE-2011-1356");
      script_bugtraq_id(47831, 48709, 48710);
    
      script_name(english:"IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote application server is affected by multiple vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "IBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be
    running on the remote host.  As such, it is potentially affected by
    the following vulnerabilities :
    
      - Use of an insecure XML encryption algorithm could allow
        for decryption of JAX-RPC or JAX-WS Web Services
        requests. (PM34841)
    
      - An error exists in the validation of the
        'logoutExitPage' parameter that can allow a remote
        attacker to bypass security restrictions and redirect
        users in support of a phishing attack. (PM35701)
    
      - An error exists in the handling of administration
        console requests. This error can allow a local attacker
        to use a specially crafted request to view sensitive
        stack-trace information. (PM36620)"
      );
      script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg21404665");
      script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg27009778");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61039");
      script_set_attribute(attribute:"solution", value:
    "If using WebSphere Application Server, apply Fix Pack 39 (6.1.0.39) or
    later. 
    
    Otherwise, if using embedded WebSphere Application Server packaged with
    Tivoli Directory Server, apply the latest recommended eWAS fix pack.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/22");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
    
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_ports("Services/www", 8880, 8881);
      script_require_keys("www/WebSphere");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:8880, embedded:FALSE);
    
    
    version = get_kb_item("www/WebSphere/"+port+"/version");
    if (isnull(version)) exit(1, "Failed to extract the version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 39)
    {
      if (report_verbosity > 0)
      {
        source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    
        report =
          '\n  Source            : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 6.1.0.39' +
          '\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else exit(0, "The WebSphere Application Server "+version+" instance listening on port "+port+" is not affected.");