Vulnerabilities > CVE-2012-2190 - Cryptographic Issues vulnerability in IBM Websphere Application Server

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ibm
CWE-310
nessus

Summary

IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol.

Vulnerable Configurations

Part Description Count
Application
Ibm
47

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_0_0_4.NASL
    descriptionIBM WebSphere Application Server 8.0 before Fix Pack 4 appears to be running on the remote host and is potentially affected by the following vulnerabilities : - An input validation error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id61459
    published2012-08-09
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61459
    titleIBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(61459);
      script_version("1.13");
      script_cvs_date("Date: 2019/12/04");
    
      script_cve_id(
        "CVE-2012-2159",
        "CVE-2012-2161",
        "CVE-2012-2170",
        "CVE-2012-2190",
        "CVE-2012-2191",
        "CVE-2012-3293"
      );
      script_bugtraq_id(
        53755,
        53884,
        54051,
        54743,
        54819,
        55149,
        55185
      );
    
      script_name(english:"IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote application server may be affected by multiple 
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "IBM WebSphere Application Server 8.0 before Fix Pack 4 appears to be
    running on the remote host and is potentially affected by the
    following vulnerabilities :
    
      - An input validation error exists related to the 'Eclipse
        Help System' that can allow arbitrary redirect responses
        to HTTP requests. (CVE-2012-2159, CVE-2012-2161,
        PM62795)
    
      - An error exists related to 'Application Snoop Servlet'
        and missing access controls. This error can allow
        sensitive information to be disclosed. Note that
        exploiting this issue requires that the default
        'Application Snoop Servlet' be installed and running.
        (CVE-2012-2170, PM56183)
    
      - Several errors exist related to SSL/TLS that can allow
        an attacker to carry out denial of service attacks 
        against the application. (CVE-2012-2190, CVE-2012-2191, 
        PM66218)
    
      - Unspecified cross-site scripting issues exist related to
        the administrative console. (CVE-2012-3293, PM60839)");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21606096");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27022958#8004");
      script_set_attribute(attribute:"solution", value:
    "Apply Fix Pack 4 for version 8.0 (8.0.0.4) or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-2159");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/09");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_keys("www/WebSphere");
      script_require_ports("Services/www", 8880, 8881);
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
    port = get_http_port(default:8880, embedded:0);
    
    version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 4)
    {
      set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
    
      if (report_verbosity > 0)
      {
        source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    
        report = 
          '\n  Version source    : ' + source + 
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 8.0.0.4' +
          '\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);
    
  • NASL familyGeneral
    NASL idIBM_TSM_SERVER_5_5_X.NASL
    descriptionThe version of IBM Tivoli Storage Manager installed on the remote host is 5.5 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id77116
    published2014-08-11
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77116
    titleIBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77116);
      script_version("1.4");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id("CVE-2012-2190", "CVE-2012-2191", "CVE-2013-0169");
      script_bugtraq_id(54743, 55185, 57778);
    
      script_name(english:"IBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities");
      script_summary(english:"Checks the version of IBM TSM.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote backup service is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM Tivoli Storage Manager installed on the remote host
    is 5.5 running on Windows or AIX. It is, therefore, potentially
    affected by multiple flaws in its bundled SSL library:
    
      - A flaw that could allow a remote attacker to cause a
        denial of service via a specially crafted 'ClientHello'
        message. (CVE-2012-2190).
    
      - A flaw that could allow a remote attacker to cause a
        denial of service via a specially crafted value in
        the TLS Record Layer. (CVE-2012-2191).
    
      - A flaw that could allow a remote attacker to perform a
        statistical timing attack known as 'Lucky Thirteen'.
        (CVE-2013-0169).");
      # http://www-01.ibm.com/support/docview.wss?uid=swg21672360
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d4a4639");
      # http://www-01.ibm.com/support/docview.wss?uid=swg21672362
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?004af981");
      # http://www-01.ibm.com/support/docview.wss?uid=swg21672363
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9986de60");
      # https://www.ibm.com/blogs/psirt/ibm-security-bulletin-tivoli-storage-manager-server-gskit-session-id-vulnerability-cve-2012-2190/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c6ba80ec");
      # https://www.ibm.com/blogs/psirt/ibm-security-bulletin-tivoli-storage-manager-server-gskit-encrypted-record-length-vulnerability-cve-2012-2191/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e222bc8");
      # https://www.ibm.com/blogs/psirt/ibm-security-bulletin-tivoli-storage-manager-server-gskit-lucky-13-vulnerability-cve-2013-0169/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?002f4534");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to IBM Tivoli Storage Manager 6.2.6.0, 6.3.4.200 or later or
    disable SSL.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0169");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/11");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_storage_manager");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"General");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ibm_tsm_detect.nasl");
      script_require_keys("installed_sw/IBM Tivoli Storage Manager");
      script_require_ports("Services/tsm-agent");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("audit.inc");
    include("install_func.inc");
    
    port = get_service(svc:"tsm-agent",exit_on_fail:TRUE);
    prod = "IBM Tivoli Storage Manager";
    get_install_count(app_name:prod, exit_if_zero:TRUE);
    install = get_single_install(app_name:prod, port:port);
    
    # Install data
    os      = install["ReportedOS"]; # In very old versions this can be null
    version = install["version"];
    
    # We only care about 5.5 specifically
    if(version !~ "^5\.5(\.|$)") audit(AUDIT_NOT_LISTEN, prod+" 5.5", port);
    
    # See if SSL is on for the port we're checking
    sslon = get_kb_item("Transports/TCP/"+port);
    sslon = (sslon && sslon > ENCAPS_IP);
    
    # If we cant determine the OS and we don't have paranoia on we don't continue
    # this is probably a version so old it doesn't matter for these checks anyway
    if(isnull(os) && report_paranoia < 2) exit(1,"Cannot determine operating system type");
    
    # Work around is to turn SSL off
    if(!sslon && report_paranoia < 2) audit(AUDIT_LISTEN_NOT_VULN, prod, port);
    
    # Only Windows and AIX are affected.
    if("Windows" >!< os  && "AIX" >!< os) audit(AUDIT_LISTEN_NOT_VULN, prod, port);
    
    if(report_verbosity > 0)
    {
      report =
        '\n  Port              : ' + port +
        '\n  Product           : ' + prod +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : 6.2.6.0 / 6.3.4.200' +
        '\n';
        security_note(port:port,extra:report);
    } else security_note(port);
    
    
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_5_0_1.NASL
    descriptionIBM WebSphere Application Server 8.5 before Fix Pack 1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists related to the
    last seen2020-06-01
    modified2020-06-02
    plugin id62975
    published2012-11-20
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62975
    titleIBM WebSphere Application Server 8.5 < Fix Pack 1 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idDB2_97FP9.NASL
    descriptionAccording to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 9. It is, therefore, affected by one or more of the following vulnerabilities : - The included software, GSKit, contains several errors related to SSL and TLS that can result in denial of service, information disclosures, or unauthorized insertion of an arbitrary root Certification Authority certificate. (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203, CVE-2013-0169 / IC90395) - A stack-based buffer overflow exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id71519
    published2013-12-18
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71519
    titleIBM DB2 9.7 < Fix Pack 9 Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_25.NASL
    descriptionIBM WebSphere Application Server 7.0 before Fix Pack 25 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Several errors exist related to SSL/TLS that can allow an attacker to carry out denial of service attacks against the application. (CVE-2012-2190, CVE-2012-2191, PM66218) - Unspecified cross-site scripting issues exist related to the administrative console. (CVE-2012-3293, PM60839) - An unspecified error in the
    last seen2020-06-01
    modified2020-06-02
    plugin id62413
    published2012-10-03
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62413
    titleIBM WebSphere Application Server 7.0 < Fix Pack 25 Multiple Vulnerabilities
  • NASL familyGeneral
    NASL idIBM_TSM_SERVER_6_1_X.NASL
    descriptionThe version of IBM Tivoli Storage Manager installed on the remote host is 6.1 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id77117
    published2014-08-11
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77117
    titleIBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities
  • NASL familyWeb Servers
    NASL idWEBSPHERE_6_1_0_45.NASL
    descriptionIBM WebSphere Application Server 6.1 before Fix Pack 45 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id62394
    published2012-10-02
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62394
    titleIBM WebSphere Application Server 6.1 < Fix Pack 45 Multiple Vulnerabilities
  • NASL familyGeneral
    NASL idIBM_TSM_SERVER_6_2_6_0.NASL
    descriptionThe version of IBM Tivoli Storage Manager installed on the remote host is 6.2.x prior to 6.2.6.0. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted
    last seen2020-06-01
    modified2020-06-02
    plugin id77118
    published2014-08-11
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77118
    titleIBM Tivoli Storage Manager Server 6.2.x < 6.2.6.0 Multiple Vulnerabilities

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 55185 CVE ID: CVE-2012-2190 IBM WebSphere Application Server (WAS)是由IBM遵照开放标准开发并发行的一种应用服务器。 IBM WebSphere Application Server (WAS) 6.1.0.45之前的6.1.x、7.0.0.25之前的7.0.x、8.0.0.4之前的8.0.x、8.5.0.1之前的8.5.x中,IBM HTTP Server内使用的IBM Global Security Kit (GSKit)在实现上存在远程拒绝服务漏洞,可通过TLS握手协议中的特制ClientHello消息造成拒绝服务。 0 IBM Websphere Application Server 8.x IBM Websphere Application Server 7.x IBM Websphere Application Server 6.x 厂商补丁: IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ers.ibm.com/
idSSV:60350
last seen2017-11-19
modified2012-08-26
published2012-08-26
reporterRoot
titleIBM WebSphere Application Server远程拒绝服务漏洞