Vulnerabilities > CVE-2014-0859 - Denial of Service vulnerability in IBM WebSphere Application Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The web-server plugin in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, when POST retries are enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
Vulnerable Configurations
Nessus
NASL family Web Servers NASL id WEBSPHERE_8_0_0_9.NASL description IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700) - A denial of service flaw exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 76995 published 2014-08-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76995 title IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76995); script_version("1.10"); script_cvs_date("Date: 2019/11/25"); script_cve_id( "CVE-2013-6323", "CVE-2013-6329", "CVE-2013-6438", "CVE-2013-6738", "CVE-2013-6747", "CVE-2014-0050", "CVE-2014-0076", "CVE-2014-0098", "CVE-2014-0453", "CVE-2014-0460", "CVE-2014-0823", "CVE-2014-0857", "CVE-2014-0859", "CVE-2014-0878", "CVE-2014-0891", "CVE-2014-0963", "CVE-2014-0965", "CVE-2014-3022" ); script_bugtraq_id( 64249, 65156, 65400, 66303, 66914, 66916, 67051, 67238, 67327, 67329, 67335, 67579, 67601, 67720, 68210, 68211 ); script_name(english:"IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities"); script_summary(english:"Reads the version number from the SOAP port."); script_set_attribute(attribute:"synopsis", value: "The remote application server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700) - A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028) - An information disclosure flaw exists in the 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding. This many allow a remote attacker to gain timing information intended to be protected by encryption. (CVE-2014-0453) - A flaw exists with 'com.sun.jndi.dns.DnsClient' related to the randomization of query IDs. This could allow a remote attacker to conduct spoofing attacks. (CVE-2014-0460) - A flaw exists in the Full and Liberty profiles. A remote attacker, using a specially crafted request, could gain access to arbitrary files. (CVE-2014-0823, PI05324) - An information disclosure flaw exists within the Administrative Console. This could allow a network attacker, using a specially crafted request, to gain privileged access. (CVE-2014-0857, PI07808) - A denial of service flaw exists in a web server plugin on servers configured to retry failed POST request. This could allow a remote attacker to crash the application. (CVE-2014-0859, PI08892) - An information disclosure flaw exists within Proxy and ODR servers. This could allow a remote attacker, using a specially crafted request, to gain access to potentially sensitive information. (CVE-2014-0891, PI09786) - A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component. This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025) - An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information. (CVE-2014-0965, PI11434) - An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information. (CVE-2014-3022, PI09594)"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21676092"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21659548"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21663941"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21667254"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21667526"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21672843"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21673013"); script_set_attribute(attribute:"solution", value: "Apply Fix Pack 9 for version 8.0 (8.0.0.9) or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0050"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/01"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/04"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("websphere_detect.nasl"); script_require_keys("www/WebSphere"); script_require_ports("Services/www", 8880, 8881); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:8880, embedded:0); version = get_kb_item_or_exit("www/WebSphere/"+port+"/version"); if (version !~ "^8\.0([^0-9]|$)") audit(AUDIT_NOT_LISTEN, "IBM WebSphere Application Server 8.0", port); if (version =~ "^[0-9]+(\.[0-9]+)?$") audit(AUDIT_VER_NOT_GRANULAR, "IBM WebSphere Application Server", port, version); ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 9) { set_kb_item(name:"www/"+port+"/XSS", value:TRUE); if (report_verbosity > 0) { source = get_kb_item_or_exit("www/WebSphere/"+port+"/source"); report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 8.0.0.9' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "IBM WebSphere Application Server", port, version);NASL family Web Servers NASL id WEBSPHERE_8_5_5_2.NASL description IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - Numerous errors exist related to the included IBM SDK for Java (based on the Oracle JDK) that could allow denial of service attacks and information disclosure. (CVE-2013-5372, CVE-2013-5780, CVE-2013-5803) - User input validation errors exist related to the Administrative console and the Oauth component that could allow cross-site scripting attacks. (CVE-2013-6725 / PM98132, CVE-2013-6323 / PI04777, CVE-2013-6738 / PI05661) - An error exists due to a failure to properly handle by web services endpoint requests that could allow denial of service attacks. (CVE-2013-6325 / PM99450, PI08267) - An error exists in the included IBM Global Security Kit related to SSL handling that could allow denial of service attacks. (CVE-2013-6329 / PI05309) - A flaw exists with the last seen 2020-06-01 modified 2020-06-02 plugin id 74235 published 2014-05-29 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74235 title IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(74235); script_version("1.12"); script_cvs_date("Date: 2019/11/26"); script_cve_id( "CVE-2013-5372", "CVE-2013-5780", "CVE-2013-5803", "CVE-2013-6323", "CVE-2013-6325", "CVE-2013-6329", "CVE-2013-6438", "CVE-2013-6725", "CVE-2013-6738", "CVE-2013-6747", "CVE-2014-0050", "CVE-2014-0823", "CVE-2014-0857", "CVE-2014-0859", "CVE-2014-0891", "CVE-2014-0896" ); script_bugtraq_id( 63082, 63115, 63224, 64249, 65096, 65099, 65156, 65400, 66303, 67051, 67327, 67328, 67329, 67335, 67579, 67720 ); script_name(english:"IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.2 Multiple Vulnerabilities"); script_summary(english:"Reads the version number from the SOAP port."); script_set_attribute(attribute:"synopsis", value: "The remote application server may be affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities : - Numerous errors exist related to the included IBM SDK for Java (based on the Oracle JDK) that could allow denial of service attacks and information disclosure. (CVE-2013-5372, CVE-2013-5780, CVE-2013-5803) - User input validation errors exist related to the Administrative console and the Oauth component that could allow cross-site scripting attacks. (CVE-2013-6725 / PM98132, CVE-2013-6323 / PI04777, CVE-2013-6738 / PI05661) - An error exists due to a failure to properly handle by web services endpoint requests that could allow denial of service attacks. (CVE-2013-6325 / PM99450, PI08267) - An error exists in the included IBM Global Security Kit related to SSL handling that could allow denial of service attacks. (CVE-2013-6329 / PI05309) - A flaw exists with the 'mod_dav' module that is caused when tracking the length of CDATA that has leading white space. A remote attacker with a specially crafted DAV WRITE request can cause the service to stop responding. (CVE-2013-6438 / PI09345) - An error exists in the included IBM Global Security Kit related to malformed X.509 certificate chain handling that could allow denial of service attacks. (CVE-2013-6747 / PI09443) - An error exists in the included Apache Tomcat version related to handling 'Content-Type' HTTP headers and multipart requests such as file uploads that could allow denial of service attacks. (CVE-2014-0050 / PI12648, PI12926) - An unspecified error exists that could allow file disclosures to remote unauthenticated attackers. (CVE-2014-0823 / PI05324) - An unspecified error exists related to the Administrative console that could allow a security bypass. (CVE-2014-0857 / PI07808) - An error exists related to a web server plugin and retrying failed POST requests that could allow denial of service attacks. (CVE-2014-0859 / PI08892) - An error exists related to the Proxy and ODR components that could allow information disclosure. (CVE-2014-0891 / PI09786) - An unspecified error exists related to the 'Liberty Profile' that could allow information disclosure. (CVE-2014-0896 / PI10134)"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037250"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8552"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21669554"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21655990"); script_set_attribute(attribute:"solution", value: "Apply Fix Pack 8.5.5.2 for version 8.5 (8.5.5.0) or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0050"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/16"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/29"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("websphere_detect.nasl"); script_require_keys("www/WebSphere"); script_require_ports("Services/www", 8880, 8881); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:8880, embedded:0); version = get_kb_item_or_exit("www/WebSphere/"+port+"/version"); source = get_kb_item_or_exit("www/WebSphere/"+port+"/source"); if (version !~ "^8\.5([^0-9]|$)") audit(AUDIT_NOT_LISTEN, "IBM WebSphere Application Server 8.5", port); if (version =~ "^[0-9]+(\.[0-9]+)?$") audit(AUDIT_VER_NOT_GRANULAR, "IBM WebSphere Application Server", port, version); ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if ( ver[0] == 8 && ver[1] == 5 && ( ver[2] < 5 || (ver[2] == 5 && ver[3] < 2) ) ) { set_kb_item(name:'www/'+port+'/XSS', value:TRUE); if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 8.5.5.2' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "IBM WebSphere Application Server", port, version);NASL family Web Servers NASL id WEBSPHERE_7_0_0_33.NASL description IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of an SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A denial of service flaw exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 76967 published 2014-08-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76967 title IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities
References
- http://www.securityfocus.com/bid/67335
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI08892
- http://www-01.ibm.com/support/docview.wss?uid=swg21669554
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90879