Vulnerabilities > CVE-2019-4505 - Unspecified vulnerability in IBM products

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ibm
nessus
NVD
Published: 2019-09-20
Updated: 2022-12-07

Summary

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364.

Vulnerable Configurations

Part Description Count
Application
Ibm
57

Nessus

NASL familyWeb Servers
NASL idWEBSPHERE_CVE-2019-4505.NASL
descriptionThe IBM WebSphere Application Server running on the remote host is version 7.0.x prior or equal to 7.0.0.6, 8.0.x, 8.5.0.x prior to 8.5.5.17, or 9.0.x prior to 9.0.5.1. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated remote attacker can exploit this by using a specially crafted URL to obtain any file in a certain directory.
last seen2020-06-01
modified2020-06-02
plugin id133360
published2020-01-30
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/133360
titleIBM WebSphere Application Server Virtual Enterprise 7.0.x <= 7.0.0.6 / Virtual Enterprise 8.0.x / 8.5.5.x < 8.5.5.17 / 9.0.x < 9.0.5.1 Information Disclosure (CVE-2019-4505)
code
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(133360);
  script_version("1.3");
  script_cvs_date("Date: 2020/02/06");

  script_cve_id("CVE-2019-45050");

  script_name(english:"IBM WebSphere Application Server Virtual Enterprise 7.0.x <= 7.0.0.6 / Virtual Enterprise 8.0.x / 8.5.5.x < 8.5.5.17 / 9.0.x < 9.0.5.1 Information Disclosure (CVE-2019-4505)");
  script_summary(english:"Reads the version number from the SOAP and GIOP services.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web application server is affected by an information disclosure vulnerability");
  script_set_attribute(attribute:"description", value:
"The IBM WebSphere Application Server running on the remote host is
version 7.0.x prior or equal to 7.0.0.6, 8.0.x, 8.5.0.x prior to
8.5.5.17, or 9.0.x prior to 9.0.5.1. It is, therefore, affected by
an information disclosure vulnerability. An unauthenticated remote
attacker can exploit this by using a specially crafted URL to obtain
any file in a certain directory.");
  script_set_attribute(attribute:"see_also", value:"https://exchange.xforce.ibmcloud.com/vulnerabilities/164364");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/964766");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/1073902");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Application Server 8.5.5.17, 9.0.5.1, or
later.  Alternatively, upgrade to the minimal fix pack levels required
by the interim  fix and then apply Interim Fix PH14796.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-4505");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/30");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_detect.nasl");
  script_require_keys("www/WebSphere", "Settings/ParanoidReport");
  script_require_ports("Services/www", 8880, 8881, 9001);

  exit(0);
}

include('vcf.inc');
include('http.inc');

app = 'IBM WebSphere Application Server';
get_install_count(app_name:app, exit_if_zero:TRUE);

if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:8880, embedded:FALSE);

app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);

vcf::check_granularity(app_info:app_info, sig_segments:4);

fix = 'Interim Fix PH14796';
constraints = [
  # Interim fix notes 7.0.0.6 as 'applies to' and 'upgrades to', so
  # capping check at 7.0.0.6 based on that. No fixed releases are noted.
  {'min_version':'7.0.0.0', 'max_version':'7.0.0.6', 'fixed_version':fix},
  # Advisory and other pages only note that 8.0..x is vuln with no
  # further guidance. Marking all 8.0.x vuln based on that. No
  # fixed releases are noted, thus noting same fix as 8.5.5.x fix.
  {'min_version':'8.0.0.0', 'max_version':'8.0.9999.9999', 'fixed_version':'8.5.5.17 or 8.5.5.x with ' + fix},
  {'min_version':'8.5.5.0', 'max_version':'8.5.5.16', 'fixed_version':'8.5.5.17 or ' + fix},
  {'min_version':'9.0.0.0', 'max_version':'9.0.5.0', 'fixed_version':'9.0.5.1 or ' + fix}
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

References