Vulnerabilities > CVE-2014-0963 - Resource Management Errors vulnerability in IBM products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in IBM Security Access Manager (ISAM) for Web 7.0 before 7.0.0-ISS-SAM-IF0006 and 8.0 before 8.0.0.3-ISS-WGA-IF0002 allows remote attackers to cause a denial of service (infinite loop) via crafted SSL messages.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 2 | |
| Application | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Misc. NASL id IBM_INFORMIX_SERVER_SWG21673008.NASL description The remote Informix server ships with a version of IBM last seen 2020-06-01 modified 2020-06-02 plugin id 80477 published 2015-01-13 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80477 title Informix Server GSKit 7.x < 7.0.4.50 / 8.0.50.x < 8.0.50.20 SSL CPU Utilization DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(80477); script_version("1.6"); script_cvs_date("Date: 2018/11/15 20:50:23"); script_cve_id("CVE-2014-0963"); script_bugtraq_id(67238); script_name(english:"Informix Server GSKit 7.x < 7.0.4.50 / 8.0.50.x < 8.0.50.20 SSL CPU Utilization DoS"); script_summary(english:"Checks version of Informix Server and GSKit."); script_set_attribute(attribute:"synopsis", value: "The remote host has an application that is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The remote Informix server ships with a version of IBM's Global Security kit (GSKit) library that is affected by a denial of service vulnerability. A remote attacker can exploit this issue by sending a specially crafted SSL request to cause the host to become unresponsive."); script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21673008"); script_set_attribute(attribute:"solution", value: "Upgrade the Informix server or apply the correct GSKit patch per the vendor advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/14"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:global_security_kit"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:informix_dynamic_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ibm_gskit_installed.nasl", "ibm_informix_server_installed.nasl"); script_require_keys("installed_sw/IBM GSKit", "installed_sw/IBM Informix Dynamic Server"); exit(0); } include('audit.inc'); include('global_settings.inc'); include("install_func.inc"); include('misc_func.inc'); ids_app = 'IBM Informix Dynamic Server'; ids_install = get_single_install(app_name:ids_app, exit_if_unknown_ver:TRUE); ids_ver = ids_install['version']; ids_path = ids_install['path']; ids_fix = NULL; gsk_regex = NULL; gsk_fix = NULL; item = pregmatch(pattern: "[cC]([0-9]+)([^0-9]|$)", string: ids_ver); c_num = 0; if (!isnull(item) && !isnull(item[1])) c_num = int(item[1]); # 11.50 (currently no fix for 11.50 branch) if (ids_ver =~ "^11\.50($|[^0-9])") { ids_fix = "None available. Upgrade GSKit."; gsk_regex = "^7\."; gsk_fix = '7.0.4.50'; } # 11.70 < 11.70.xC8 else if (ids_ver =~ "^11\.70($|[^0-9])" && c_num < 8) { ids_fix = "11.70.xC8"; gsk_regex = "^8\.0\.50\."; gsk_fix = "8.0.50.20"; } # 12.10 < 12.10.xC4 else if (ids_ver =~ "^12\.10($|[^0-9])" && c_num < 4) { ids_fix = "12.10.xC4"; gsk_regex = "^8\.0\.50\."; gsk_fix = "8.0.50.20"; } else audit(AUDIT_INST_PATH_NOT_VULN, ids_app, ids_ver, ids_path); # Check GSKit version if Informix is not patched gsk_app = "IBM GSKit"; # We don't bother to exit if we can't detect any GSKit installations gsk_installs = get_installs(app_name:gsk_app); gsk_report = NULL; gsk_vuln = 0; foreach gsk_install (gsk_installs[1]) { gsk_ver = gsk_install['version']; gsk_path = gsk_install['path']; if (gsk_ver =~ gsk_regex && ver_compare(ver:gsk_ver, fix:gsk_fix, strict:FALSE) == -1) { gsk_report += '\n Path : ' + gsk_path + '\n Installed version : ' + gsk_ver + '\n Fixed version : ' + gsk_fix + '\n'; gsk_vuln++; } } port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n' + 'The install of ' + ids_app + ' is vulnerable :' + '\n' + '\n' + ' Path : ' + ids_path + '\n' + ' Installed version : ' + ids_ver + '\n' + ' Fixed version : ' + ids_fix + '\n'; server_instances = get_kb_item("Host/" + ids_app + "/Server Instances"); if (!empty_or_null(server_instances)) { instance_list = split(server_instances, sep:' / ', keep:FALSE); report += ' Server instances : ' + '\n - ' + join(instance_list, sep:'\n - ') + '\n'; } if (!isnull(gsk_report)) { instance = " instance "; is_are = " is "; if (gsk_vuln > 1) {instance = " instances "; is_are = " are ";} report += '\nAlso, the following vulnerable'+instance+'of '+gsk_app+is_are+'installed on the'+ '\nremote host :' + '\n' + gsk_report; } security_hole(port:port, extra:report); } else security_hole(port);NASL family Databases NASL id DB2_101FP3A.NASL description According to its version, the installation of IBM DB2 10.1 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities : - The included version of GSKit contains an error related to CBC-mode and timing that could allow an attacker to recover plaintext from encrypted communications. (CVE-2013-0169) - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963) last seen 2020-06-01 modified 2020-06-02 plugin id 76110 published 2014-06-18 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76110 title IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76110); script_version("1.9"); script_cvs_date("Date: 2019/11/26"); script_cve_id( "CVE-2013-0169", "CVE-2013-6747", "CVE-2014-0907", "CVE-2014-0963" ); script_bugtraq_id( 57778, 65156, 67238, 67617 ); script_name(english:"IBM DB2 10.1 < Fix Pack 3a Multiple Vulnerabilities"); script_summary(english:"Checks DB2 signature."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its version, the installation of IBM DB2 10.1 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities : - The included version of GSKit contains an error related to CBC-mode and timing that could allow an attacker to recover plaintext from encrypted communications. (CVE-2013-0169) - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672100"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21671732"); script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21610582"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037557"); script_set_attribute(attribute:"solution", value: "Apply IBM DB2 version 10.1 Fix Pack 3a or Fix Pack 4 or later. Note that the vendor has posted a workaround for the build error issue (CVE-2014-0907) involving the command 'sqllib/bin/db2chglibpath'. Please consult the advisory for detailed instructions."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0907"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/24"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("db2_das_detect.nasl"); script_require_ports("Services/db2das", 523); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("db2_report_func.inc"); port = get_service(svc:"db2das", default:523, exit_on_fail:TRUE); level = get_kb_item_or_exit("DB2/" + port + "/Level"); if (level !~ "^10\.1\.") audit(AUDIT_NOT_LISTEN, "DB2 10.1", port); platform = get_kb_item_or_exit("DB2/"+port+"/Platform"); platform_name = get_kb_item("DB2/"+port+"/Platform_Name"); if (isnull(platform_name)) { platform_name = platform; report_phrase = "platform " + platform; } else report_phrase = platform_name; vuln = FALSE; # Windows 32-bit/64-bit if (platform == 5 || platform == 23) { fixed_level = '10.1.301.770'; if (ver_compare(ver:level, fix:fixed_level) == -1) vuln = TRUE; } # Others else if ( # Linux, 2.6 kernel 32/64-bit platform == 18 || platform == 30 || # AIX platform == 20 ) { fixed_level = '10.1.0.3'; if (ver_compare(ver:level, fix:fixed_level) <= 0) vuln = TRUE; # If not paranoid and at 10.1.0.3 already, # do not report - we cannot tell if FP3a is there. if (level == fixed_level && report_paranoia < 2) exit(1, "Nessus is unable to determine if the patch has been applied or not."); } else { info = 'Nessus does not support version checks against ' + report_phrase + '.\n' + 'To help us better identify vulnerable versions, please send the platform\n' + 'number along with details about the platform, including the operating system\n' + 'version, CPU architecture, and DB2 version to [email protected].\n'; exit(1, info); } if (vuln) { report_db2( severity : SECURITY_HOLE, port : port, platform_name : platform_name, installed_level : level, fixed_level : fixed_level); } else audit(AUDIT_LISTEN_NOT_VULN, "DB2", port, level);NASL family Windows NASL id IBM_NOTES_9_0_1_FP2.NASL description The remote host has a version of IBM Notes (formerly Lotus Notes) 9.0.x prior to 9.0.1 Fix Pack 2 (FP2) installed. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) last seen 2020-06-01 modified 2020-06-02 plugin id 77812 published 2014-09-23 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77812 title IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(77812); script_version("1.8"); script_cvs_date("Date: 2018/07/12 19:01:17"); script_cve_id( "CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0448", "CVE-2014-0449", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0963", "CVE-2014-1876", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2402", "CVE-2014-2409", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2420", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2428" ); script_bugtraq_id( 63676, 64493, 65568, 66856, 66866, 66870, 66873, 66879, 66881, 66883, 66887, 66891, 66894, 66898, 66899, 66902, 66903, 66904, 66905, 66907, 66909, 66910, 66911, 66914, 66915, 66916, 66919, 66920, 67238 ); script_name(english:"IBM Notes 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities"); script_summary(english:"Checks the version of IBM Notes."); script_set_attribute(attribute:"synopsis", value: "The remote host has software installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote host has a version of IBM Notes (formerly Lotus Notes) 9.0.x prior to 9.0.1 Fix Pack 2 (FP2) installed. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)"); # Advisory script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21681114"); # 9.0.1 Fix Pack 2 downloads script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037141"); # PSIRT blog post # https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-notes-and-domino-multiple-vulnerabilities-in-ibm-java-oracle-april-2014-critical-patch-update-and-ibm-http-server-for-domino-cve-2014-0963/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb873351"); script_set_attribute(attribute:"solution", value:"Upgrade to IBM Notes 9.0.1 FP2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/23"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:notes"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("lotus_notes_installed.nasl"); script_require_keys("installed_sw/IBM Notes"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); appname = "IBM Notes"; get_install_count(app_name:appname, exit_if_zero:TRUE); port = get_kb_item('SMB/transport'); if (isnull(port)) port = 445; install = get_single_install(app_name:appname); version = install['version']; path = install['path']; ver_ui = install['display_version']; fix = '9.0.12.14215'; if ( ver_ui =~ "^9\.0\.[01]($|[^0-9])" && ver_compare(ver:version, fix:fix, strict:FALSE) == -1 ) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + ver_ui + '\n Fixed version : 9.0.1 FP2 (' + fix + ')' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, appname, ver_ui, path);NASL family Windows NASL id IBM_GSKIT_8_0_50_20.NASL description The remote Windows host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the last seen 2020-06-01 modified 2020-06-02 plugin id 74287 published 2014-06-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74287 title IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(74287); script_version("1.6"); script_cvs_date("Date: 2019/11/26"); script_cve_id("CVE-2014-0076", "CVE-2014-0963"); script_bugtraq_id(66363, 67238); script_name(english:"IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities"); script_summary(english:"Checks GSKit version"); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a library installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Windows host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076) - A denial of service vulnerability exists which an attacker can exploit by sending a specially crafted SSL request to cause the host to become unresponsive. (CVE-2014-0963)"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672189"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672950"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21672843"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21671919"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21673521"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21672843"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21673682"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672192"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21673749"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21673745"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21673418"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21671732"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21673282"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672192"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21673259"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21673696"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21673245"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21673689"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21673600"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672869"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21673717"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21673666"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21673008"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672724"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21673040"); script_set_attribute(attribute:"solution", value: "Apply GSKit 7.0.4.50 / 8.0.14.43 / 8.0.50.20 or later or apply the appropriate patch referenced in the advisory."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0076"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/24"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/03"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:global_security_kit"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ibm_gskit_installed.nasl"); script_require_keys("installed_sw/IBM GSKit", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); if (!get_kb_item("SMB/Registry/Enumerated")) audit(AUDIT_OS_NOT, "Windows", "Linux"); app = "IBM GSKit"; install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE); version = install['version']; path = install['path']; fix = NULL; if (version =~ '^7\\.0\\.' && ver_compare(ver:version, fix:'7.0.4.50') < 0) fix = '7.0.4.50'; else if (version =~ '^8\\.0\\.14\\.' && ver_compare(ver:version, fix:'8.0.14.43') < 0) fix = '8.0.14.43'; else if (version =~ '^8\\.0\\.50\\.' && ver_compare(ver:version, fix:'8.0.50.20') < 0) fix = '8.0.50.20'; else audit(AUDIT_INST_PATH_NOT_VULN, app, version, path); port = get_kb_item('SMB/transport'); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_note(port:port, extra:report); } else security_note(port);NASL family Web Servers NASL id WEBSPHERE_8_0_0_9.NASL description IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700) - A denial of service flaw exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 76995 published 2014-08-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76995 title IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76995); script_version("1.10"); script_cvs_date("Date: 2019/11/25"); script_cve_id( "CVE-2013-6323", "CVE-2013-6329", "CVE-2013-6438", "CVE-2013-6738", "CVE-2013-6747", "CVE-2014-0050", "CVE-2014-0076", "CVE-2014-0098", "CVE-2014-0453", "CVE-2014-0460", "CVE-2014-0823", "CVE-2014-0857", "CVE-2014-0859", "CVE-2014-0878", "CVE-2014-0891", "CVE-2014-0963", "CVE-2014-0965", "CVE-2014-3022" ); script_bugtraq_id( 64249, 65156, 65400, 66303, 66914, 66916, 67051, 67238, 67327, 67329, 67335, 67579, 67601, 67720, 68210, 68211 ); script_name(english:"IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities"); script_summary(english:"Reads the version number from the SOAP port."); script_set_attribute(attribute:"synopsis", value: "The remote application server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "IBM WebSphere Application Server 8.0 prior to Fix Pack 9 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of a SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700) - A denial of service flaw exists in the 'mod_log_config' when logging a cookie with an unassigned value. A remote attacker, using a specially crafted request, can cause the program to crash. (CVE-2014-0098, PI13028) - An information disclosure flaw exists in the 'sun.security.rsa.RSAPadding' with 'PKCS#1' unpadding. This many allow a remote attacker to gain timing information intended to be protected by encryption. (CVE-2014-0453) - A flaw exists with 'com.sun.jndi.dns.DnsClient' related to the randomization of query IDs. This could allow a remote attacker to conduct spoofing attacks. (CVE-2014-0460) - A flaw exists in the Full and Liberty profiles. A remote attacker, using a specially crafted request, could gain access to arbitrary files. (CVE-2014-0823, PI05324) - An information disclosure flaw exists within the Administrative Console. This could allow a network attacker, using a specially crafted request, to gain privileged access. (CVE-2014-0857, PI07808) - A denial of service flaw exists in a web server plugin on servers configured to retry failed POST request. This could allow a remote attacker to crash the application. (CVE-2014-0859, PI08892) - An information disclosure flaw exists within Proxy and ODR servers. This could allow a remote attacker, using a specially crafted request, to gain access to potentially sensitive information. (CVE-2014-0891, PI09786) - A denial of service flaw exists within the IBM Security Access Manager for Web with the Reverse Proxy component. This could allow a remote attacker, using specially crafted TLS traffic, to cause the application on the system to become unresponsive. (CVE-2014-0963, PI17025) - An information disclosure flaw exists when handling SOAP responses. This could allow a remote attacker to potentially gain access to sensitive information. (CVE-2014-0965, PI11434) - An information disclosure flaw exists. A remote attacker, using a specially crafted URL, could gain access to potentially sensitive information. (CVE-2014-3022, PI09594)"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21676092"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21659548"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21663941"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21667254"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21667526"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21672843"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21673013"); script_set_attribute(attribute:"solution", value: "Apply Fix Pack 9 for version 8.0 (8.0.0.9) or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0050"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/01"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/04"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("websphere_detect.nasl"); script_require_keys("www/WebSphere"); script_require_ports("Services/www", 8880, 8881); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:8880, embedded:0); version = get_kb_item_or_exit("www/WebSphere/"+port+"/version"); if (version !~ "^8\.0([^0-9]|$)") audit(AUDIT_NOT_LISTEN, "IBM WebSphere Application Server 8.0", port); if (version =~ "^[0-9]+(\.[0-9]+)?$") audit(AUDIT_VER_NOT_GRANULAR, "IBM WebSphere Application Server", port, version); ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if (ver[0] == 8 && ver[1] == 0 && ver[2] == 0 && ver[3] < 9) { set_kb_item(name:"www/"+port+"/XSS", value:TRUE); if (report_verbosity > 0) { source = get_kb_item_or_exit("www/WebSphere/"+port+"/source"); report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 8.0.0.9' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_LISTEN_NOT_VULN, "IBM WebSphere Application Server", port, version);NASL family Misc. NASL id TIVOLI_ACCESS_MANAGER_EBIZ_6_1_1_10.NASL description According to its self-reported version, the install of the IBM Tivoli Access Manager for e-Business is affected by multiple vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the last seen 2020-06-01 modified 2020-06-02 plugin id 80479 published 2015-01-13 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80479 title IBM Tivoli Access Manager for e-Business < 6.0.0.33 / 6.1.0.14 / 6.1.1.10 SSL Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(80479); script_version("1.5"); script_cvs_date("Date: 2019/11/25"); script_cve_id("CVE-2014-0076", "CVE-2014-0963"); script_bugtraq_id(66363, 67238); script_name(english:"IBM Tivoli Access Manager for e-Business < 6.0.0.33 / 6.1.0.14 / 6.1.1.10 SSL Multiple Vulnerabilities"); script_summary(english:"Checks the Runtime component version."); script_set_attribute(attribute:"synopsis", value: "An access and authorization control management system installed on the remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the install of the IBM Tivoli Access Manager for e-Business is affected by multiple vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that allows nonce disclosure via the 'FLUSH+RELOAD' cache side-channel attack. (CVE-2014-0076) - A denial of service vulnerability exists that allows an attacker, using a specially crafted SSL request, to cause the host to become unresponsive. Note that this issue only affects the WebSEAL component and a workaround is available. (CVE-2014-0963)"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672950"); script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21673008"); script_set_attribute(attribute:"solution", value: "Apply the interim fix 6.0.0-ISS-TAM-IF0033 / 6.1.0-ISS-TAM-IF0014 / 6.1.1-ISS-TAM-IF0010 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0076"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/06"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_access_manager_for_e-business"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("tivoli_access_manager_ebiz_installed_components_cred.nasl"); script_require_keys("installed_sw/IBM Access Manager for e-Business / IBM Security Access Manager"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); app = 'IBM Access Manager for e-Business / IBM Security Access Manager'; install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE); ver = install['version']; fix = NULL; no_fix = FALSE; # Affected : # 5.1.0.x (no longer supported) # 6.0.0.x < 6.0.0.33 # 6.1.0.x < 6.1.0.14 # 6.1.1.x < 6.1.1.10 if (ver =~ "^5\.1\.0([^0-9]|$)") { fix = "Refer to the advisory."; no_fix = TRUE; } else if (ver =~ "^6\.0\.0\.") fix = "6.0.0.33"; else if (ver =~ "^6\.1\.0\.") fix = "6.1.0.14"; else if (ver =~ "^6\.1\.1\.") fix = "6.1.1.10"; else audit(AUDIT_NOT_INST, app + " ver 5.1.0.x / 6.0.0.x / 6.1.0.x / 6.1.1.x"); if (no_fix || ver_compare(ver:ver, fix:fix, strict:FALSE) < 0) { port = 0; if (report_verbosity > 0) { report = '\n' + '\n Installed version : ' + ver + '\n Fixed version : ' + fix + '\n'; security_note(port:port, extra:report); } else security_note(port); } else audit(AUDIT_INST_VER_NOT_VULN, app, ver);NASL family Windows NASL id IBM_DOMINO_9_0_1_FP2.NASL description The version of IBM Domino (formerly Lotus Domino) installed on the remote host is 9.0.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) last seen 2020-06-01 modified 2020-06-02 plugin id 77811 published 2014-09-23 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77811 title IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(77811); script_version("1.11"); script_cvs_date("Date: 2018/07/12 19:01:17"); script_cve_id( "CVE-2013-6629", "CVE-2013-6954", "CVE-2014-0429", "CVE-2014-0446", "CVE-2014-0448", "CVE-2014-0449", "CVE-2014-0451", "CVE-2014-0452", "CVE-2014-0453", "CVE-2014-0454", "CVE-2014-0455", "CVE-2014-0457", "CVE-2014-0458", "CVE-2014-0459", "CVE-2014-0460", "CVE-2014-0461", "CVE-2014-0963", "CVE-2014-1876", "CVE-2014-2398", "CVE-2014-2401", "CVE-2014-2402", "CVE-2014-2409", "CVE-2014-2412", "CVE-2014-2414", "CVE-2014-2420", "CVE-2014-2421", "CVE-2014-2423", "CVE-2014-2427", "CVE-2014-2428", "CVE-2014-3566" ); script_bugtraq_id( 63676, 64493, 65568, 66856, 66866, 66870, 66873, 66879, 66881, 66883, 66887, 66891, 66894, 66898, 66899, 66902, 66903, 66904, 66905, 66907, 66909, 66910, 66911, 66914, 66915, 66916, 66919, 66920, 67238, 70574 ); script_xref(name:"CERT", value:"577193"); script_name(english:"IBM Domino 9.0.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (credentialed check) (POODLE)"); script_summary(english:"Checks the version of IBM Domino."); script_set_attribute(attribute:"synopsis", value: "The remote host has software installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of IBM Domino (formerly Lotus Domino) installed on the remote host is 9.0.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566)"); # Advisory script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21681114"); # 9.0.1 Fix Pack 2 downloads script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037141"); # PSIRT blog post # https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-notes-and-domino-multiple-vulnerabilities-in-ibm-java-oracle-april-2014-critical-patch-update-and-ibm-http-server-for-domino-cve-2014-0963/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eb873351"); script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2014/10/14/poodle.html"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/ssl-poodle.pdf"); script_set_attribute(attribute:"see_also", value:"https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00"); script_set_attribute(attribute:"solution", value: "Upgrade to IBM Domino version 9.0.1 FP2 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/15"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/23"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:domino"); script_set_attribute(attribute:"in_the_news", value:"true"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_dependencies("lotus_domino_installed.nasl"); script_require_keys("installed_sw/IBM Domino"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); appname = 'IBM Domino'; get_install_count(app_name:appname, exit_if_zero:TRUE); port = get_kb_item('SMB/transport'); if (isnull(port)) port = 445; install = get_single_install(app_name:appname); domino_ver = install['version']; path = install['path']; if (!empty_or_null(install['Java Version'])) java_ver = install['Java Version']; else audit(AUDIT_VER_FAIL, "jvm.dll"); # Fixed jvm.dll version java_fix = '2.4.2.65501'; domino_fix = '9.0.1 FP2'; # Versions 9.0.x affected if ( domino_ver =~ "^9\.0($|[^0-9])" && ver_compare(ver:java_ver, fix:java_fix, strict:FALSE) == -1 ) { if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Domino installed version : ' + domino_ver + '\n JVM installed version : ' + java_ver + '\n JVM fixed version : ' + java_fix + ' (included in Domino ' + domino_fix + ')' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "IBM Domino's Java Virtual Machine", java_ver, path);NASL family Databases NASL id DB2_105FP3A.NASL description According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963) last seen 2020-06-01 modified 2020-06-02 plugin id 76111 published 2014-06-18 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76111 title IBM DB2 10.5 < Fix Pack 3a Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76111); script_version("1.8"); script_cvs_date("Date: 2019/11/26"); script_cve_id("CVE-2013-6747", "CVE-2014-0907", "CVE-2014-0963"); script_bugtraq_id(65156, 67238, 67617); script_name(english:"IBM DB2 10.5 < Fix Pack 3a Multiple Vulnerabilities"); script_summary(english:"Checks DB2 signature."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its version, the installation of IBM DB2 10.5 running on the remote host is prior to Fix Pack 3a. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672100"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21671732"); script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21647054"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037555"); script_set_attribute(attribute:"solution", value: "Apply IBM DB2 version 10.5 Fix Pack 3a or later. Alternatively, in the case of DB2 Version 10.5 Fix Pack 2, contact the vendor to obtain a special build with the interim fix. Note that the vendor has posted a workaround for the build error issue (CVE-2014-0907) involving the command 'sqllib/bin/db2chglibpath'. Please consult the advisory for detailed instructions."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0907"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/24"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("db2_das_detect.nasl"); script_require_ports("Services/db2das", 523); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("db2_report_func.inc"); port = get_service(svc:"db2das", default:523, exit_on_fail:TRUE); level = get_kb_item_or_exit("DB2/" + port + "/Level"); if (level !~ "^10\.5\.") audit(AUDIT_NOT_LISTEN, "DB2 10.5", port); platform = get_kb_item_or_exit("DB2/"+port+"/Platform"); platform_name = get_kb_item("DB2/"+port+"/Platform_Name"); if (isnull(platform_name)) { platform_name = platform; report_phrase = "platform " + platform; } else report_phrase = platform_name; vuln = FALSE; # Windows 32-bit/64-bit if (platform == 5 || platform == 23) { fixed_level = '10.5.301.84'; if (ver_compare(ver:level, fix:fixed_level) == -1) vuln = TRUE; # In the case of 10.5 FP2 and a non-paranoid # scan, do not report as it's not clear that # a special build increases the build level if (level == '10.5.200.109' && report_paranoia < 2) exit(1, "Nessus is unable to determine if the patch has been applied or not."); } # Others else if ( # Linux, 2.6 kernel 32/64-bit platform == 18 || platform == 30 || # AIX platform == 20 ) { fixed_level = '10.5.0.3'; if (ver_compare(ver:level, fix:fixed_level) <= 0) vuln = TRUE; # If not paranoid and at 10.5.0.2/10.5.0.3 already, # do not report - we cannot tell if special build or # FP3a is there. if ((level == '10.5.0.2' || level == fixed_level) && report_paranoia < 2) exit(1, "Nessus is unable to determine if the patch has been applied or not."); } else { info = 'Nessus does not support version checks against ' + report_phrase + '.\n' + 'To help us better identify vulnerable versions, please send the platform\n' + 'number along with details about the platform, including the operating system\n' + 'version, CPU architecture, and DB2 version to [email protected].\n'; exit(1, info); } if (vuln) { fixed_level += ' (10.5 Fix Pack 3a)'; report_db2( severity : SECURITY_HOLE, port : port, platform_name : platform_name, installed_level : level, fixed_level : fixed_level); } else audit(AUDIT_LISTEN_NOT_VULN, "DB2", port, level);NASL family Databases NASL id DB2_91_TLS_SSL_DOS.NASL description According to its version, the installation of IBM DB2 running on the remote host is version 9.1. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963) last seen 2020-06-01 modified 2020-06-02 plugin id 76112 published 2014-06-18 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76112 title IBM DB2 9.1 TLS/SSL Multiple DoS Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76112); script_version("1.6"); script_cvs_date("Date: 2018/07/06 11:26:06"); script_cve_id("CVE-2013-6747", "CVE-2014-0963"); script_bugtraq_id(65156, 67238); script_name(english:"IBM DB2 9.1 TLS/SSL Multiple DoS Vulnerabilities"); script_summary(english:"Checks DB2 signature."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple denial of service vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its version, the installation of IBM DB2 running on the remote host is version 9.1. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963)"); # Advisory script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21671732"); script_set_attribute(attribute:"solution", value: "If the install is under an extended support contract, please contact the vendor for a patch. Alternatively, upgrade to one of the latest supported versions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/18"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("db2_das_detect.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/db2das", 523); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("db2_report_func.inc"); # There is no information regarding fix build numbers, # so this plugin is strictly paranoid-only if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_service(svc:"db2das", default:523, exit_on_fail:TRUE); level = get_kb_item_or_exit("DB2/" + port + "/Level"); if (level !~ "^9\.1\.") audit(AUDIT_NOT_LISTEN, "DB2 9.1", port); # Go ahead and check platform to preserve unknown-platform # reporting. platform = get_kb_item_or_exit("DB2/"+port+"/Platform"); platform_name = get_kb_item("DB2/"+port+"/Platform_Name"); if (isnull(platform_name)) { platform_name = platform; report_phrase = "platform " + platform; } else report_phrase = platform_name; vuln = FALSE; # Known platforms if ( ( # Windows platform == 5 || platform == 23 || # Linux, 2.6 kernel 32/64-bit platform == 18 || platform == 30 || # AIX platform == 20 ) && level =~ "^9\.1\." ) { vuln = TRUE; } else { info = 'Nessus does not support version checks against ' + report_phrase + '.\n' + 'To help us better identify vulnerable versions, please send the platform\n' + 'number along with details about the platform, including the operating system\n' + 'version, CPU architecture, and DB2 version to [email protected].\n'; exit(1, info); } if (vuln) { report_db2( severity : SECURITY_HOLE, port : port, platform_name : platform_name, installed_level : level, fixed_level : 'See solution'); } else audit(AUDIT_LISTEN_NOT_VULN, "DB2", port, level);NASL family Databases NASL id DB2_98FP5_MULTI_VULN.NASL description According to its version, the installation of IBM DB2 running on the remote host is version 9.8 prior or equal to Fix Pack 5. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists in the GSKit component when initiating SSL/TLS connections due to improper handling of malformed X.509 certificate chains. A remote attacker can exploit this to cause a denial of service. (CVE-2013-6747) - Untrusted search path vulnerabilities exist in unspecified setuid and setgid programs that allow a local attacker to gain root privileges by using a trojan horse library. (CVE-2014-0907) - An unspecified error exists in the reverse proxy GSKit component that allows a remote attacker to exhaust CPU resources by using crafted SSL messages, resulting in a denial of service. (CVE-2014-0963) - An unspecified error exists during the handling of SELECT statements with XML/XSLT functions that allows a remote attacker to gain access to arbitrary files. (CVE-2014-8910) - A flaw exists in the LUW component when handling SQL statements with unspecified Scaler functions. A remote, authenticated attacker can exploit this to cause a denial of service. (CVE-2015-0157) - An unspecified flaw in the General Parallel File System (GPFS) allows a local attacker to gain root privileges. CVE-2015-0197) - A flaw exists in the General Parallel File System (GPFS), related to certain cipherList configurations, that allows a remote attacker, using specially crafted data, to bypass authentication and execute arbitrary programs with root privileges. (CVE-2015-0198) - A denial of service vulnerability exists in the General Parallel File System (GPFS) that allows a local attacker to corrupt the kernel memory by sending crafted ioctl character device calls to the mmfslinux kernel module. (CVE-2015-0199) - An information disclosure vulnerability exists in the automated maintenance feature. An attacker with elevated privileges, by manipulating a stored procedure, can exploit this issue to disclose arbitrary files owned by the DB2 fenced ID on UNIX/Linux or the administrator on Windows. (CVE-2015-1883) - A flaw exists in the Data Movement feature when handling specially crafted queries. An authenticated, remote attacker can exploit this to delete database rows from a table without having the appropriate privileges. (CVE-2015-1922) - A flaw exists when handling SQL statements having unspecified LUW Scaler functions. An authenticated, remote attacker can exploit this to run arbitrary code, under the privileges of the DB2 instance owner, or to cause a denial of service. (CVE-2015-1935) last seen 2020-06-01 modified 2020-06-02 plugin id 76115 published 2014-06-18 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76115 title IBM DB2 9.8 <= Fix Pack 5 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(76115); script_version("1.13"); script_cvs_date("Date: 2018/07/06 11:26:06"); script_cve_id( "CVE-2013-6747", "CVE-2014-0907", "CVE-2014-0963", "CVE-2014-8910", "CVE-2015-0157", "CVE-2015-0197", "CVE-2015-0198", "CVE-2015-0199", "CVE-2015-1883", "CVE-2015-1922", "CVE-2015-1935" ); script_bugtraq_id( 65156, 67238, 67617, 73278, 73282, 73283, 75908, 75911 ); script_name(english:"IBM DB2 9.8 <= Fix Pack 5 Multiple Vulnerabilities"); script_summary(english:"Checks the DB2 signature."); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its version, the installation of IBM DB2 running on the remote host is version 9.8 prior or equal to Fix Pack 5. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists in the GSKit component when initiating SSL/TLS connections due to improper handling of malformed X.509 certificate chains. A remote attacker can exploit this to cause a denial of service. (CVE-2013-6747) - Untrusted search path vulnerabilities exist in unspecified setuid and setgid programs that allow a local attacker to gain root privileges by using a trojan horse library. (CVE-2014-0907) - An unspecified error exists in the reverse proxy GSKit component that allows a remote attacker to exhaust CPU resources by using crafted SSL messages, resulting in a denial of service. (CVE-2014-0963) - An unspecified error exists during the handling of SELECT statements with XML/XSLT functions that allows a remote attacker to gain access to arbitrary files. (CVE-2014-8910) - A flaw exists in the LUW component when handling SQL statements with unspecified Scaler functions. A remote, authenticated attacker can exploit this to cause a denial of service. (CVE-2015-0157) - An unspecified flaw in the General Parallel File System (GPFS) allows a local attacker to gain root privileges. CVE-2015-0197) - A flaw exists in the General Parallel File System (GPFS), related to certain cipherList configurations, that allows a remote attacker, using specially crafted data, to bypass authentication and execute arbitrary programs with root privileges. (CVE-2015-0198) - A denial of service vulnerability exists in the General Parallel File System (GPFS) that allows a local attacker to corrupt the kernel memory by sending crafted ioctl character device calls to the mmfslinux kernel module. (CVE-2015-0199) - An information disclosure vulnerability exists in the automated maintenance feature. An attacker with elevated privileges, by manipulating a stored procedure, can exploit this issue to disclose arbitrary files owned by the DB2 fenced ID on UNIX/Linux or the administrator on Windows. (CVE-2015-1883) - A flaw exists in the Data Movement feature when handling specially crafted queries. An authenticated, remote attacker can exploit this to delete database rows from a table without having the appropriate privileges. (CVE-2015-1922) - A flaw exists when handling SQL statements having unspecified LUW Scaler functions. An authenticated, remote attacker can exploit this to run arbitrary code, under the privileges of the DB2 instance owner, or to cause a denial of service. (CVE-2015-1935)"); # Advisories script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672100"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21671732"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21697987"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21697988"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21698308"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21902662"); script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21959650"); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21902661"); script_set_attribute(attribute:"solution", value: "Contact the vendor to obtain a special build with the interim fix. Note that the vendor has posted a workaround for the build error issue (CVE-2014-0907) involving the command 'sqllib/bin/db2chglibpath'. Please consult the advisory for detailed instructions."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/24"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/18"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:db2"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("db2_das_detect.nasl"); script_require_ports("Services/db2das", 523); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("db2_report_func.inc"); port = get_service(svc:"db2das", default:523, exit_on_fail:TRUE); level = get_kb_item_or_exit("DB2/" + port + "/Level"); if (level !~ "^9\.8\.") audit(AUDIT_NOT_LISTEN, "DB2 9.8", port); platform = get_kb_item_or_exit("DB2/"+port+"/Platform"); platform_name = get_kb_item("DB2/"+port+"/Platform_Name"); if (isnull(platform_name)) { platform_name = platform; report_phrase = "platform " + platform; } else report_phrase = platform_name; vuln = FALSE; # Note : DB2 9.8x is not available for Windows if ( # Linux, 2.6 kernel 32/64-bit platform == 18 || platform == 30 || # AIX platform == 20 ) { fixed_level = '9.8.0.5'; if (ver_compare(ver:level, fix:fixed_level) <= 0) vuln = TRUE; # If not paranoid and at 9.8.0.5 already, # do not report - we cannot tell if a special build is in place. if (level == fixed_level && report_paranoia < 2) exit(1, "Nessus is unable to determine if the patch has been applied or not."); } else { info = 'Nessus does not support version checks against ' + report_phrase + '.\n' + 'To help us better identify vulnerable versions, please send the platform\n' + 'number along with details about the platform, including the operating system\n' + 'version, CPU architecture, and DB2 version to [email protected].\n'; exit(1, info); } if (vuln) { report_db2( severity : SECURITY_HOLE, port : port, platform_name : platform_name, installed_level : level, fixed_level : fixed_level); } else audit(AUDIT_LISTEN_NOT_VULN, "DB2", port, level);NASL family Windows NASL id TIVOLI_DIRECTORY_SVR_SWG21672724.NASL description The remote host is running a version of IBM Security Directory Server (formerly IBM Tivoli Directory Server) and a version of IBM Global Security Kit (GSKit) that is affected by a denial of service vulnerability due to a flaw in the GSKit library. An attacker can exploit this issue via a specially-crafted SSL to use excessive CPU resources resulting in the host to become unresponsive. last seen 2020-06-01 modified 2020-06-02 plugin id 80482 published 2015-01-13 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80482 title IBM Security Directory Server < 6.1.0.61 / 6.2.0.36 / 6.3.0.30 / 6.3.1.2 with GSKit < 7.0.4.50 / 8.0.50.20 SSL CPU Utilization DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(80482); script_version("1.3"); script_cvs_date("Date: 2018/08/01 17:36:15"); script_cve_id("CVE-2014-0963"); script_bugtraq_id(67238); script_name(english:"IBM Security Directory Server < 6.1.0.61 / 6.2.0.36 / 6.3.0.30 / 6.3.1.2 with GSKit < 7.0.4.50 / 8.0.50.20 SSL CPU Utilization DoS"); script_summary(english:"Checks the version of Security Directory Server."); script_set_attribute(attribute:"synopsis", value: "The version of IBM Security Directory Server and GSKit is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The remote host is running a version of IBM Security Directory Server (formerly IBM Tivoli Directory Server) and a version of IBM Global Security Kit (GSKit) that is affected by a denial of service vulnerability due to a flaw in the GSKit library. An attacker can exploit this issue via a specially-crafted SSL to use excessive CPU resources resulting in the host to become unresponsive."); script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672724"); script_set_attribute(attribute:"solution", value: "Install the appropriate fix based on the vendor's advisory : - 6.1.0.61-ISS-ITDS - 6.2.0.36-ISS-ITDS - 6.3.0.30-ISS-ITDS - 6.3.1.2-ISS-ISDS Alternatively, upgrade GSKit to 7.0.4.50 or 8.0.50.20."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/13"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:security_directory_server"); script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:tivoli_directory_server"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_dependencies("ibm_gskit_installed.nasl", "tivoli_directory_svr_installed.nasl"); script_require_keys("installed_sw/IBM GSKit", "installed_sw/IBM Security Directory Server"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("install_func.inc"); include("misc_func.inc"); tds_name = "IBM Security Directory Server"; tds_install = get_single_install(app_name:tds_name, exit_if_unknown_ver:TRUE); tds_ver = tds_install['version']; tds_path = tds_install['path']; tds_fix = NULL; tds_patch = NULL; gsk_ver_regex = NULL; gsk_fix = NULL; # Ensure that TDS version is affected. if (tds_ver =~ "^6\.1\.") { tds_fix = "6.1.0.61"; tds_patch = "6.1.0.61-ISS-ITDS"; gsk_ver_regex = "^7\."; gsk_fix = '7.0.4.50'; } else if (tds_ver =~ "^6\.2\.") { tds_fix = "6.2.0.36"; tds_patch = "6.2.0.36-ISS-ITDS"; gsk_ver_regex = "^7\."; gsk_fix = '7.0.4.50'; } else if (tds_ver =~ "^6\.3\.0($|[^0-9])") { tds_fix = "6.3.0.30"; tds_patch = "6.3.0.30-ISS-ITDS"; gsk_ver_regex = "^8\."; gsk_fix = '8.0.50.20'; } else if (tds_ver =~ "^6\.3\.1($|[^0-9])") { tds_fix = "6.3.1.2"; tds_patch = "6.3.1.2-ISS-ISDS"; gsk_ver_regex = "^8\."; gsk_fix = '8.0.50.20'; } # If the IF has been installed or the branch is not affected, exit. if (isnull(tds_fix) || ver_compare(ver:tds_ver, fix:tds_fix, strict:FALSE) >= 0) audit(AUDIT_INST_PATH_NOT_VULN, tds_name, tds_ver, tds_path); # If we got this far, we need to look at GSKit. gsk_app = "IBM GSKit"; # We don't bother to exit if we can't detect any GSKit installations gsk_installs = get_installs(app_name:gsk_app); gsk_report = NULL; gsk_vuln = 0; foreach gsk_install (gsk_installs[1]) { gsk_ver = gsk_install['version']; gsk_path = gsk_install['path']; # There can only be a single install per major version. So we will # have at most one vulnerable install. if (gsk_ver !~ gsk_ver_regex) audit(AUDIT_INST_PATH_NOT_VULN, gsk_app, gsk_ver, gsk_path); if ( (gsk_ver =~ "^8\.0\.50\." && ver_compare(ver:gsk_ver, fix:gsk_fix, strict:FALSE) == -1) || (gsk_ver =~ "^7\.0\." && ver_compare(ver:gsk_ver, fix:gsk_fix, strict:FALSE) == -1) ) { gsk_report += '\n Path : ' + gsk_path + '\n Installed GSKit Version : ' + gsk_ver + '\n Fixed GSKit Version : ' + gsk_fix + '\n'; gsk_vuln++; } } port = get_kb_item('SMB/transport'); if (!port) port = 445; if (report_verbosity > 0) { report = '\nThe install of ' + tds_name + ' is vulnerable :' + '\n' + '\n Path : ' + tds_path + '\n Installed version : ' + tds_ver + '\n Fixed version : ' + tds_fix + '\n' + '\nInstall ' + tds_patch + ' to update installation.' + '\n'; if (!isnull(gsk_report)) { instance = " instance "; is_are = " is "; if (gsk_vuln > 1) {instance = " instances "; is_are = " are ";} report += '\nAlso, the following vulnerable'+instance+'of '+gsk_app+is_are+'installed on the'+ '\nremote host :' + '\n' + gsk_report; } security_hole(port:port, extra:report); } else security_hole(port);NASL family Web Servers NASL id WEBSPHERE_7_0_0_33.NASL description IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6323, PI04777 and PI04880) - A denial of service flaw exists within the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. This could allow a remote attacker to crash the program. (CVE-2013-6329, PI05309) - A buffer overflow flaw exists in the HTTP server with the mod_dav module when using add-ons. This could allow a remote attacker to cause a buffer overflow and a denial of service. (CVE-2013-6438, PI09345) - A cross-site scripting flaw exists within OAuth where user input is not properly validated. This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship. (CVE-2013-6738, PI05661) - A denial of service flaw exists within the Global Security Kit when handling X.509 certificate chain during the initiation of an SSL/TLS connection. A remote attacker, using a malformed certificate chain, could cause the client or server to crash by hanging the Global Security Kit. (CVE-2013-6747, PI09443) - A denial of service flaw exists within the Apache Commons FileUpload when parsing a content-type header for a multipart request. A remote attacker, using a specially crafted request, could crash the program. (CVE-2014-0050, PI12648, PI12926 and PI13162) - A denial of service flaw exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 76967 published 2014-08-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76967 title IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities NASL family Web Servers NASL id WEBSPHERE_8_5_5_3.NASL description The remote host appears to be running IBM WebSphere Application Server 8.5 prior to Fix Pack 8.5.5.3. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the Elliptic Curve Digital Signature Algorithm implementation which could allow a malicious process to recover ECDSA nonces. (CVE-2014-0076, PI19700) - A denial of service flaw exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 77438 published 2014-08-29 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77438 title IBM WebSphere Application Server 8.5 < Fix Pack 8.5.5.3 Multiple Vulnerabilities NASL family Databases NASL id DB2_95FP9_MULTI_VULN.NASL description According to its version, the installation of IBM DB2 9.5 running on the remote host is prior or equal to Fix Pack 9 or 10. It is, therefore, reportedly affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that could allow denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that could allow a local user to carry out privilege escalation attacks. Note this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that could allow certain error cases to cause 100% CPU utilization. (CVE-2014-0963) last seen 2020-06-01 modified 2020-06-02 plugin id 76113 published 2014-06-18 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76113 title IBM DB2 9.5 <= Fix Pack 9 or 10 Multiple Vulnerabilities NASL family Databases NASL id DB2_97FP9A.NASL description According to its version, the installation of DB2 9.7 running on the remote host is prior to Fix Pack 9a. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists related to handling malformed certificate chains that allows denial of service attacks. (CVE-2013-6747) - A build error exists related to libraries in insecure locations that allows a local user to carry out privilege escalation attacks. Note that this issue does not affect the application when running on Microsoft Windows operating systems. (CVE-2014-0907) - An unspecified error exists related to the TLS implementation that allows certain error cases to cause 100% CPU utilization. (CVE-2014-0963) last seen 2020-06-01 modified 2020-06-02 plugin id 76114 published 2014-06-18 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76114 title IBM DB2 9.7 < Fix Pack 9a Multiple Vulnerabilities NASL family General NASL id IBM_GSKIT_8_0_50_20_LINUX.NASL description The remote Linux host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the last seen 2020-06-01 modified 2020-06-02 plugin id 74288 published 2014-06-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74288 title IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities (Linux) NASL family Misc. NASL id DOMINO_9_0_1_FP2.NASL description According to its version, the IBM Domino (formerly IBM Lotus Domino) application on the remote host is 9.x prior to 9.0.1 Fix Pack 2 (FP2). It is, therefore, affected by the following vulnerabilities : - An unspecified error exists related to the TLS implementation and the IBM HTTP server that could allow certain error cases to cause 100% CPU utilization. Note that this issue only affects Microsoft Windows hosts. (CVE-2014-0963) - Fixes in the Oracle Java CPU for April 2014 are included in the fixed IBM Java release, which is included in the fixed IBM Domino release. (CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428) last seen 2020-06-01 modified 2020-06-02 plugin id 77810 published 2014-09-23 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77810 title IBM Domino 9.x < 9.0.1 Fix Pack 2 Multiple Vulnerabilities (uncredentialed check)
References
- http://secunia.com/advisories/58845
- http://secunia.com/advisories/58845
- http://secunia.com/advisories/59245
- http://secunia.com/advisories/59245
- http://secunia.com/advisories/59249
- http://secunia.com/advisories/59249
- http://www.ibm.com/support/docview.wss?uid=swg21675496
- http://www.ibm.com/support/docview.wss?uid=swg21675496
- http://www.securityfocus.com/bid/67238
- http://www.securityfocus.com/bid/67238
- http://www.securitytracker.com/id/1030707
- http://www.securitytracker.com/id/1030707
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV59660
- http://www-01.ibm.com/support/docview.wss?uid=swg21672192
- http://www-01.ibm.com/support/docview.wss?uid=swg21672192
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676091
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- http://www-01.ibm.com/support/docview.wss?uid=swg21676092
- http://www-304.ibm.com/support/docview.wss?uid=swg21680803
- http://www-304.ibm.com/support/docview.wss?uid=swg21680803
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92844
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92844