Vulnerabilities > CVE-2013-0482 - Unspecified vulnerability in IBM products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ibm
nessus

Summary

IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 through 8.5.0.2 and WebSphere Message Broker 6.1, 7.0 through 7.0.0.5, and 8.0 through 8.0.0.2, when WS-Security is used, allows remote attackers to spoof the signatures of messages via a crafted SOAP message, related to a "Signature Wrap attack," a different vulnerability than CVE-2011-1377 and CVE-2013-0489.

Vulnerable Configurations

Part Description Count
Application
Ibm
44

Nessus

  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_29.NASL
    descriptionIBM WebSphere Application Server 7.0 before Fix Pack 29 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169, PM85211) - The WS-Security run time contains a flaw that could be triggered by a specially crafted SOAP request to execute arbitrary code. (CVE-2013-0482, PM76582) - A denial of service vulnerability exists, caused by a buffer overflow on localOS registry when using WebSphere Identity Manager (WIM). (CVE-2013-0541, PM74909) - An unspecified cross-site scripting vulnerability exists related to the administrative console. (CVE-2013-0542, CVE-2013-2967, PM78614, PM81846) - A validation flaw exists relating to
    last seen2020-06-01
    modified2020-06-02
    plugin id68982
    published2013-07-19
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68982
    titleIBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68982);
      script_version("1.9");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-0169",
        "CVE-2013-0482",
        "CVE-2013-0541",
        "CVE-2013-0542",
        "CVE-2013-0543",
        "CVE-2013-0544",
        "CVE-2013-0597",
        "CVE-2013-1768",
        "CVE-2013-2967",
        "CVE-2013-2976",
        "CVE-2013-3029"
      );
      script_bugtraq_id(
        57778,
        59247,
        59248,
        59250,
        59251,
        59650,
        60534,
        60724
      );
    
      script_name(english:"IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote application server is potentially affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "IBM WebSphere Application Server 7.0 before Fix Pack 29 appears to be
    running on the remote host.  It is, therefore, potentially affected by
    the following vulnerabilities :
    
      - The TLS protocol in the GSKIT component is vulnerable
        to a plaintext recovery attack. (CVE-2013-0169, PM85211)
    
      - The WS-Security run time contains a flaw that could be
        triggered by a specially crafted SOAP request to execute
        arbitrary code. (CVE-2013-0482, PM76582)
    
      - A denial of service vulnerability exists, caused by a
        buffer overflow on localOS registry when using WebSphere
        Identity Manager (WIM). (CVE-2013-0541, PM74909)
    
      - An unspecified cross-site scripting vulnerability exists
        related to the administrative console. (CVE-2013-0542,
        CVE-2013-2967, PM78614, PM81846)
    
      - A validation flaw exists relating to 'Local OS
        registries' that may allow a remote attacker to bypass
        security. (CVE-2013-0543, PM75582)
    
      - A directory traversal vulnerability exists in the
        administrative console via the 'PARAMETER' parameter.
        (CVE-2013-0544, PM82468)
    
      - A flaw exists relating to OAuth that could allow a
        remote attacker to obtain someone else's credentials.
        (CVE-2013-0597, PM85834, PM87131)
    
      - A flaw exists relating to OpenJPA that is triggered
        during deserialization that may allow a remote attacker
        to write to the file system and potentially execute
        arbitrary code. (CVE-2013-1768, PM86780, PM86786,
        PM86788, PM86791)
    
      - An information disclosure issue exists relating to
        incorrect caching by the administrative console.
        (CVE-2013-2976, PM79992)
    
      - A user-supplied input validation error exists that could
        allow cross-site request (CSRF) attacks to be carried
        out. (CVE-2013-3029, PM88746)");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_29?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0379569f");
      script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21640799");
      script_set_attribute(attribute:"solution", value:
    "If using WebSphere Application Server, apply Fix Pack 29 (7.0.0.29)
    or later.
    
    Otherwise, if using embedded WebSphere Application Server packaged
    with Tivoli Directory Server, apply the latest recommended eWAS fix
    pack.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1768");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/19");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_keys("www/WebSphere");
      script_require_ports("Services/www", 8880, 8881);
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
    port = get_http_port(default:8880, embedded:0);
    
    
    version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server " + version + " instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 29)
    {
      set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
      set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);
    
      if (report_verbosity > 0)
      {
        source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
        report =
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 7.0.0.29' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);
    
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_5_5.NASL
    descriptionIBM WebSphere Application Server 8.5 before Fix Pack 8.5.5 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - The TLS protocol in the GSKIT component is vulnerable to a plaintext recovery attack. (CVE-2013-0169, PM85211) - The WS-Security run time contains a flaw that could be triggered by a specially crafted SOAP request to execute arbitrary code. (CVE-2013-0482, PM76582) - A flaw exists relating to OAuth that could allow a remote attacker to obtain someone else
    last seen2020-06-01
    modified2020-06-02
    plugin id69021
    published2013-07-23
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69021
    titleIBM WebSphere Application Server 8.5 < Fix Pack 8.5.5 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(69021);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-0169",
        "CVE-2013-0482",
        "CVE-2013-0597",
        "CVE-2013-1768",
        "CVE-2013-2967",
        "CVE-2013-2975",
        "CVE-2013-2976",
        "CVE-2013-3024"
      );
      script_bugtraq_id(
        57778,
        59650,
        60534,
        60724
      );
    
      script_name(english:"IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5 Multiple Vulnerabilities");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote application server may be affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5 appears to
    be running on the remote host and is, therefore, potentially affected by
    the following vulnerabilities :
    
      - The TLS protocol in the GSKIT component is vulnerable
        to a plaintext recovery attack. (CVE-2013-0169, PM85211)
    
      - The WS-Security run time contains a flaw that could be
        triggered by a specially crafted SOAP request to execute
        arbitrary code. (CVE-2013-0482, PM76582)
    
      - A flaw exists relating to OAuth that could allow a
        remote attacker to obtain someone else's credentials.
        (CVE-2013-0597, PM85834, PM87131)
    
      - A flaw exists relating to OpenJPA that is triggered
        during deserialization, which could allow a remote
        attacker to write to the file system and potentially
        execute arbitrary code. (CVE-2013-1768, PM86780,
        PM86786, PM86788, PM86791)
    
      - An unspecified cross-site scripting vulnerability exists
        related to the administrative console. (CVE-2013-2967,
        PM78614)
    
      - An unspecified vulnerability exists.  (CVE-2013-2975)
    
      - An information disclosure vulnerability exists relating
        to incorrect caching by the administrative console.
        (CVE-2013-2976, PM79992)
    
      - An improper process initialization flaw exists on UNIX
        platforms that could allow a local attacker to execute
        arbitrary commands. (CVE-2013-3024, PM86245)");
      script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?&uid=swg21639553");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_8_5_5?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aa3b02e5");
      script_set_attribute(attribute:"solution", value:
    "Apply Fix Pack 8.5.5 for version 8.5 (8.5.5.0) or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1768");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/23");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_keys("www/WebSphere");
      script_require_ports("Services/www", 8880, 8881);
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
    port = get_http_port(default:8880, embedded:0);
    
    version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
    source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    
    if (version !~ "^8\.5([^0-9]|$)") exit(0, "The version of the IBM WebSphere Application Server instance listening on port "+port+" is "+version+", not 8.5.");
    
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 8 && ver[1] == 5 && ver[2] < 5)
    {
      set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 8.5.5' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);
    
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_5_0_2.NASL
    descriptionIBM WebSphere Application Server 8.5 before Fix Pack 2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - The included Java SDK contains several errors that affect the application directly. (CVE-2013-0169, CVE-2013-0440, CVE-2013-0443) - Input validation errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0458 / PM71139, CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846, CVE-2013-0565 / PM83402) - An input validation error exists related to the administration console that could allow cross-site scripting attacks. Note that this issue affects only the application when running on z/OS operating systems. (CVE-2013-0459 / PM72536) - An unspecified error could allow security bypass for authenticated users. (CVE-2013-0462 / PM76886 or PM79937) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id66375
    published2013-05-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66375
    titleIBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66375);
      script_version("1.10");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2013-0169",
        "CVE-2013-0440",
        "CVE-2013-0443",
        "CVE-2013-0458",
        "CVE-2013-0459",
        "CVE-2013-0461",
        "CVE-2013-0462",
        "CVE-2013-0482",
        "CVE-2013-0540",
        "CVE-2013-0541",
        "CVE-2013-0542",
        "CVE-2013-0543",
        "CVE-2013-0544",
        "CVE-2013-0565"
      );
      script_bugtraq_id(
        57508,
        57509,
        57512,
        57513,
        57702,
        57712,
        57778,
        59246,
        59247,
        59248,
        59250,
        59251,
        59252,
        59650
      );
    
      script_name(english:"IBM WebSphere Application Server 8.5 < Fix Pack 2 Multiple Vulnerabilities");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote application server may be affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "IBM WebSphere Application Server 8.5 before Fix Pack 2 appears to be
    running on the remote host and is, therefore, potentially affected by
    the following vulnerabilities :
    
      - The included Java SDK contains several errors that
        affect the application directly. (CVE-2013-0169,
        CVE-2013-0440, CVE-2013-0443)
    
      - Input validation errors exist related to the
        administration console that could allow cross-site
        scripting attacks. (CVE-2013-0458 / PM71139,
        CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846,
        CVE-2013-0565 / PM83402)
    
      - An input validation error exists related to the
        administration console that could allow cross-site
        scripting attacks. Note that this issue affects only
        the application when running on z/OS operating systems.
        (CVE-2013-0459 / PM72536)
    
      - An unspecified error could allow security bypass for
        authenticated users. (CVE-2013-0462 / PM76886 or
        PM79937)
    
      - An error exists related to 'WS-Security' and SOAP
        message handling that could allow an attacker to spoof
        message signatures. (CVE-2013-0482 / PM76582)
    
      - An error exists related to authentication cookies that
        could allow remote attackers to gain access to
        restricted resources. Note this only affects the
        application when running the 'Liberty Profile'.
        (CVE-2013-0540 / PM81056)
    
      - A buffer overflow error exists related to 'WebSphere
        Identity Manger (WIM)' that could allow denial of
        service attacks. (CVE-2013-0541 / PM74909)
    
      - An unspecified error could allow security bypass, thus
        allowing remote attackers access to restricted resources
        on HP, Linux and Solaris hosts.
        (CVE-2013-0543 / PM75582)
    
      - An unspecified error related to the administration
        console could allow directory traversal attacks on
        Unix and Linux hosts. (CVE-2013-0544 / PM82468)");
      script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?&uid=swg21632423");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21627634");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_security_vulnerabilites_fixed_in_ibm_websphere_application_server_8_5_0_2?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?889b42fc");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24034672");
      script_set_attribute(attribute:"solution", value:
    "Apply Fix Pack 2 for version 8.5 (8.5.0.2) or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0462");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/10");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_keys("www/WebSphere");
      script_require_ports("Services/www", 8880, 8881);
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
    port = get_http_port(default:8880, embedded:0);
    
    version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
    source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    
    if (version !~ "^8\.5([^0-9]|$)") exit(0, "The version of the IBM WebSphere Application Server instance listening on port "+port+" is "+version+", not 8.5.");
    
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 8 && ver[1] == 5 && ver[2] == 0 && ver[3] < 2)
    {
      set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 8.5.0.2' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);
    
  • NASL familyWeb Servers
    NASL idWEBSPHERE_8_0_0_6.NASL
    descriptionIBM WebSphere Application Server 8.0 before Fix Pack 6 appears to be running on the remote host. It is, therefore, potentially affected by the following vulnerabilities : - An input validation error exists that could allow cross-site request forgery (CSRF) attacks. (CVE-2012-4853 / PM62920) - The included Java SDK contains several errors that affect the application directly. (CVE-2013-0169, CVE-2013-0440, CVE-2013-0443) - Input validation errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0458 / PM71139, CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846) - An input validation error exists related to the administration console that could allow cross-site scripting attacks. Note that this issue affects only the application when running on z/OS operating systems. (CVE-2013-0459 / PM72536) - An unspecified error could allow security bypass for authenticated users. (CVE-2013-0462 / PM76886 or PM79937) - An error exists related to
    last seen2020-06-01
    modified2020-06-02
    plugin id66374
    published2013-05-10
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66374
    titleIBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66374);
      script_version("1.14");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2012-4853",
        "CVE-2013-0169",
        "CVE-2013-0440",
        "CVE-2013-0443",
        "CVE-2013-0458",
        "CVE-2013-0459",
        "CVE-2013-0461",
        "CVE-2013-0462",
        "CVE-2013-0482",
        "CVE-2013-0541",
        "CVE-2013-0542",
        "CVE-2013-0543",
        "CVE-2013-0544"
      );
      script_bugtraq_id(
        56458,
        57508,
        57509,
        57512,
        57513,
        57702,
        57712,
        57778,
        59246,
        59247,
        59248,
        59250,
        59251,
        59252,
        59650
      );
    
      script_name(english:"IBM WebSphere Application Server 8.0 < Fix Pack 6 Multiple Vulnerabilities");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote application server may be affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "IBM WebSphere Application Server 8.0 before Fix Pack 6 appears to be
    running on the remote host.  It is, therefore, potentially affected by
    the following vulnerabilities :
    
      - An input validation error exists that could allow
        cross-site request forgery (CSRF) attacks.
        (CVE-2012-4853 / PM62920)
    
      - The included Java SDK contains several errors that
        affect the application directly. (CVE-2013-0169,
        CVE-2013-0440, CVE-2013-0443)
    
      - Input validation errors exist related to the
        administration console that could allow cross-site
        scripting attacks. (CVE-2013-0458 / PM71139,
        CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846)
    
      - An input validation error exists related to the
        administration console that could allow cross-site
        scripting attacks. Note that this issue affects only
        the application when running on z/OS operating systems.
        (CVE-2013-0459 / PM72536)
    
      - An unspecified error could allow security bypass for
        authenticated users. (CVE-2013-0462 / PM76886 or
        PM79937)
    
      - An error exists related to 'WS-Security' and SOAP
        message handling that could allow an attacker to spoof
        message signatures. (CVE-2013-0482 / PM76582)
    
      - A buffer overflow error exists related to 'WebSphere
        Identity Manger (WIM)' that could allow denial of
        service attacks. (CVE-2013-0541 / PM74909)
    
      - An unspecified error could allow security bypass, thus
        allowing remote attackers access to restricted resources
        on HP, Linux and Solaris hosts.
        (CVE-2013-0543 / PM75582)
    
      - An unspecified error related to the administration
        console could allow directory traversal attacks on
        Unix and Linux hosts. (CVE-2013-0544 / PM82468)");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21634646");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21627634");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24034673");
      script_set_attribute(attribute:"solution", value:
    "Apply Fix Pack 6 for version 8.0 (8.0.0.6) or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0462");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/04/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/10");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_keys("www/WebSphere");
      script_require_ports("Services/www", 8880, 8881);
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
    port = get_http_port(default:8880, embedded:0);
    
    
    version = get_kb_item_or_exit("www/WebSphere/"+port+"/version");
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server " + version + " instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 6)
    {
      set_kb_item(name:"www/"+port+"/XSS", value:TRUE);
      set_kb_item(name:"www/"+port+"/XSRF", value:TRUE);
      if (report_verbosity > 0)
      {
        source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
        report =
          '\n  Version source    : ' + source +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 8.0.0.6' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "WebSphere", port, version);