Vulnerabilities > CVE-2017-1433 - Unspecified vulnerability in IBM Websphere MQ

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
ibm
nessus

Summary

IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803.

Nessus

NASL familyWindows
NASL idWEBSPHERE_MQ_SWG22005525.NASL
descriptionAccording to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is 7.5.x without patch APAR IT15943, 8.0.0.x prior to 8.0.0.8, 9.0.x prior to 9.0.4, or 9.0.0.x prior to 9.0.0.2. It is, therefore, affected by multiple vulnerabilities.
last seen2020-06-01
modified2020-06-02
plugin id105082
published2017-12-07
reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/105082
titleIBM WebSphere MQ 7.5.x / 8.0.0.x < 8.0.0.8 / 9.0.x < 9.0.4 / 9.0.0.x < 9.0.0.2 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(105082);
  script_version("1.5");
  script_cvs_date("Date: 2018/08/07 11:56:12");

  script_cve_id("CVE-2017-1341", "CVE-2017-1433");
  script_bugtraq_id(102042);

  script_name(english:"IBM WebSphere MQ 7.5.x / 8.0.0.x < 8.0.0.8 / 9.0.x < 9.0.4 / 9.0.0.x < 9.0.0.2 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of IBM WebSphere MQ.");

  script_set_attribute(attribute:"synopsis", value:
"A message queuing service installed on the remote host is affected by
multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the IBM WebSphere MQ server
installed on the remote Windows host is 7.5.x without patch APAR 
IT15943, 8.0.0.x prior to 8.0.0.8, 9.0.x prior to 9.0.4, or 9.0.0.x 
prior to 9.0.0.2. It is, therefore, affected by multiple 
vulnerabilities.");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg22005400");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg22005525");
  script_set_attribute(attribute:"solution", value:
"Upgrade to WebSphere MQ version 8.0.0.8 / 9.0.4 / 9.0.0.2 or later.
  - For version 7.5.x, apply the patch APAR IT15943.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_mq");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");

  script_dependencies("websphere_mq_installed.nasl");
  script_require_keys("installed_sw/IBM WebSphere MQ", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app_name = "IBM WebSphere MQ";
install  = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

version  = install['version'];
path     = install['path'];
fix      = NULL;
flag     = FALSE;

if(version =~ "^7\.5\.0\.[0-8]")
{
  fix = "Apply Interim Fix APAR IT15943";
  flag = TRUE;
}
else if(version =~ "^8\.0\.0\.[0-7]")
  fix = "8.0.0.8";
else if(version =~ "^9\.0\.[123]")
  fix = "9.0.4";
else if(version =~ "^9\.0\.0\.[01]")
  fix = "9.0.0.2";
else
  audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);

# Check affected version
if(flag || ver_compare(ver:version, fix:fix, strict:FALSE) == -1)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;
  report =
    '\n  Path              : ' + path +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix +
    '\n';
  security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);