Vulnerabilities > CVE-2018-1719 - Unspecified vulnerability in IBM Websphere Application Server

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
high complexity
ibm
nessus

Summary

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security under certain conditions. This could result in a downgrade of TLS protocol. A remote attacker could exploit this vulnerability to perform man-in-the-middle attacks. IBM X-Force ID: 147292.

Nessus

NASL familyWeb Servers
NASL idWEBSPHERE_CVE-2018-1719.NASL
descriptionThe IBM WebSphere Application Server running on the remote host is version 8.5.x prior to 8.5.5.15, or 9.0.0.x prior to 9.0.0.9. It is, therefore, potentially affected by TLS downgrade vulnerability.
last seen2020-06-01
modified2020-06-02
plugin id125595
published2019-05-30
reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/125595
titleIBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.9 TLS Downgrade Vulnerability (CVE-2018-1719)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125595);
  script_version("1.3");
  script_cvs_date("Date: 2020/02/06");

  script_cve_id("CVE-2018-1719");
  script_bugtraq_id(108496);

  script_name(english:"IBM WebSphere Application Server 8.5.x < 8.5.5.15 / 9.0.0.x < 9.0.0.9 TLS Downgrade Vulnerability (CVE-2018-1719)");
  script_summary(english:"Reads the version number from the SOAP and GIOP services.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by a TLS downgrade
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The IBM WebSphere Application Server running on the remote host is
version 8.5.x prior to 8.5.5.15, or 9.0.0.x prior to 9.0.0.9. It is,
therefore, potentially affected by TLS downgrade vulnerability.");
  script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=ibm10718837");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Application Server 8.5.5.15 or 9.0.0.9 or
later. Alternatively, upgrade to the minimal fix pack levels required
by the interim fix and then apply Interim Fix PI98768.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1719");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/30");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_ports("Services/www", 8880, 8881, 9001);
  script_require_keys("www/WebSphere", "Settings/ParanoidReport");

  exit(0);
}

include("vcf.inc");
include("http.inc");

app = "IBM WebSphere Application Server";
get_install_count(app_name:app, exit_if_zero:TRUE);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:8880, embedded:FALSE);

app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

vcf::check_granularity(app_info:app_info, sig_segments:4);

fix = "Interim Fix PI98768";
constraints = [
  {"min_version":"8.5.0.0", "max_version":"8.5.5.14", "fixed_version":"8.5.5.15 or " + fix},
  {"min_version":"9.0.0.0", "max_version":"9.0.0.8", "fixed_version":"9.0.0.9 or " + fix}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);