Vulnerabilities > CVE-2011-1322 - Resource Management Errors vulnerability in IBM Websphere Application Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
ibm
CWE-399
nessus
NVD
Published: 2011-03-08
Updated: 2011-03-09

Summary

The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages.

Vulnerable Configurations

Part Description Count
Application
Ibm
33

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWeb Servers
    NASL idWEBSPHERE_6_1_0_37.NASL
    descriptionIBM WebSphere Application Server 6.1 before Fix Pack 37 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - It is possible to trigger a DoS condition via SAAJ API provided by the WebSphere Web services runtime. (PM19534) - An unspecified cross-site scripting vulnerability exists in the IVT application. (PM20393) - The AuthCache purge implementation is not able to purge a user in AuthCache. (PM24668) - A remote attacker can gain unspecified application access on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used. (PM35478)
    last seen2020-06-01
    modified2020-06-02
    plugin id53475
    published2011-04-18
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/53475
    titleIBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#


include("compat.inc");


if (description)
{
  script_id(53475);
  script_version("1.15");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  script_cve_id(
    "CVE-2011-1308",
    "CVE-2011-1321",
    "CVE-2011-1322",
    "CVE-2011-1683"
  );
  script_bugtraq_id(46736, 47122);
  script_xref(name:"Secunia", value:"44031");

  script_name(english:"IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities");
  script_summary(english:"Reads the version number from the SOAP port");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote application server is affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"IBM WebSphere Application Server 6.1 before Fix Pack 37 appears to be
running on the remote host.  As such, it is potentially affected by
the following vulnerabilities :

  - It is possible to trigger a DoS condition via SAAJ
    API provided by the WebSphere Web services runtime.
    (PM19534)

  - An unspecified cross-site scripting vulnerability
    exists in the IVT application. (PM20393)

  - The AuthCache purge implementation is not able to
    purge a user in AuthCache. (PM24668)

  - A remote attacker can gain unspecified application access
    on z/OS, when a Local OS user registry or Federated
    Repository with RACF adapter is used. (PM35478)"
  );
  script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg21404665");
  script_set_attribute(attribute:"see_also",value:"http://www-01.ibm.com/support/docview.wss?uid=swg27009778");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21473989");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg1PM24668");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61037");
  script_set_attribute(attribute:"solution", value:
"If using WebSphere Application Server, apply Fix Pack 37 (6.1.0.37) or
later. 

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/04/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");

  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("websphere_detect.nasl");
  script_require_ports("Services/www", 8880, 8881);
  script_require_keys("www/WebSphere");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port = get_http_port(default:8880, embedded:FALSE);


version = get_kb_item("www/WebSphere/"+port+"/version");
if (isnull(version)) exit(1, "Failed to extract the version from the IBM WebSphere Application Server instance listening on port " + port + ".");
if (version =~ "^[0-9]+(\.[0-9]+)?$")
  exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (ver[0] == 6 && ver[1] == 1 && ver[2] == 0 && ver[3] < 37)
{
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);

  if (report_verbosity > 0)
  {
    source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");

    report =
      '\n  Source            : ' + source +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 6.1.0.37' +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else exit(0, "The WebSphere Application Server "+version+" instance listening on port "+port+" is not affected.");
  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_15.NASL
    descriptionIBM WebSphere Application Server 7.0 before Fix Pack 15 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities : - A double free error in BBOOORBR control block could trigger a denial of service condition. (PM17170) - A cross-site scripting vulnerability exists in the web container. (PM18512) - It is possible for authenticated users to trigger a DoS condition by using Lightweight Third-Party Authentication (LTPA) tokens for authentication. (PM18644) - Sensitive wsadmin command parameters are included in trace files, which could result in an information disclosure vulnerability. (PM18736) - A memory leak in
    last seen2020-06-01
    modified2020-06-02
    plugin id52615
    published2011-03-10
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52615
    titleIBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities

References