Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

The IBM WebSphere Application Server running on the remote host is version 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, 8.5 prior to 8.5.5.10, 9.0 prior to 9.0.0.1, or 16.0 (Liberty) prior to 16.0.0.3.
It is, therefore, affected by an information disclosure vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to cause a buffer overflow condition, resulting in the disclosure of sensitive information.

The remote host appears to be running IBM WebSphere Application Server 9.0 prior to 9.0.0.1.  Such versions are potentially affected by multiple issues :

 - A flaw exists that is triggered during the handling of specially crafted SIP messages.  This may allow a remote attacker to cause a denial of service.
 - An overflow condition exists that is triggered as certain input is not properly validated.  This may allow an authenticated remote attacker to cause a buffer overflow, potentially allowing them to bypass security restrictions and disclose sensitive information.
 - A flaw exists that is due to the program setting insecure unspecified flags on CSRF token cookies, which may allow an attacker to have an unspecified impact.  No further details have been provided by the vendor.  Based on past disclosures from IBM, this is likely the 'secure' and/or 'HttpOnly' flag.

The remote host appears to be running IBM WebSphere Application Server 8.5 prior to 8.5.5.10.  Such versions are potentially affected by multiple issues :

 - A flaw exists that is triggered as CRLF (Carriage Return and Line Feed) character sequences are not properly sanitized before being included in HTTP responses.  This allows a remote attacker to inject additional headers into responses to conduct HTTP response splitting attacks.
 - A flaw exists that is triggered during the handling of specially crafted SIP messages.  This may allow a remote attacker to cause a denial of service.
 - A flaw exists that is due to the program improperly setting the CSRFtoken cookie.  This may allow an authenticated remote attacker to gain access to potentially sensitive information.
 - An overflow condition exists that is triggered as certain input is not properly validated.  This may allow an authenticated remote attacker to cause a buffer overflow, potentially allowing them to bypass security restrictions and disclose sensitive information.
 - A flaw exists that is due to the program setting insecure unspecified flags on CSRF token cookies, which may allow an attacker to have an unspecified impact.  No further details have been provided by the vendor.  Based on past disclosures from IBM, this is likely the 'secure' and/or 'HttpOnly' flag.

The remote host appears to be running IBM WebSphere Application Server 8.0 prior to 8.0.0.12.  Such versions are potentially affected by multiple issues :

 - A flaw exists that is triggered as CRLF (Carriage Return and Line Feed) character sequences are not properly sanitized before being included in HTTP responses.  This allows a remote attacker to inject additional headers into responses to conduct HTTP response splitting attacks.
 - An unspecified flaw exists in the edge component caching proxy that could cause weaker than intended encryption, which may potentially allow an authenticated remote attacker to more easily decrypt information.
 - A flaw exists allowing a reflected cross-site scripting (XSS) vulnerability due to a failure to properly validate output from the OAuth provider before returning it to users.  An authenticated, remote attacker can exploit this, via a specially crafted URL, to execute arbitrary script code in a user's browser session within the security context of the hosting website.
 - A flaw exists that is triggered when handling a connect call that is interrupted.  This may allow a remote attacker to crash the plug-in component and cause a partial denial of service.
 - An overflow condition exists that is triggered as certain input is not properly validated.  This may allow an authenticated remote attacker to cause a buffer overflow, potentially allowing them to bypass security restrictions and disclose sensitive information.

The remote host appears to be running IBM WebSphere Application Server 7.0 prior to 7.0.0.41.  Such versions are potentially affected by multiple issues :

 - A flaw exists allowing a reflected cross-site scripting (XSS) vulnerability due to a failure to properly validate output from the OAuth provider before returning it to users.  An authenticated, remote attacker can exploit this, via a specially crafted URL, to execute arbitrary script code in a user's browser session within the security context of the hosting website. (CVE-2015-7417)
 - A flaw exists in the FIPS140-2 implementation that is related to an improper TLS configuration.  This may allow an attacker with the ability to intercept network traffic (e.g. MitM, DNS cache poisoning) to disclose transmitted data. (CVE-2016-0306)
 - A flaw exists that is due to the program improperly setting the CSRFtoken cookie.  This may allow an authenticated remote attacker to gain access to potentially sensitive information. (CVE-2016-0377)
 - An overflow condition exists that is triggered as certain input is not properly validated.  This may allow an authenticated remote attacker to cause a buffer overflow, potentially allowing them to bypass security restrictions and disclose sensitive information. (CVE-2016-0385)

Versions of IBM DB2 10.5 prior to Fix Pack 8 and 11.x prior to 11.1 are potentially affected by multiple vulnerabilities :

 - An unspecified flaw exists that may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor.
 - An unspecified flaw exists that may allow a local attacker to gain access to arbitrary memory locations. No further details have been provided by the vendor.
 - An unspecified flaw exists that is triggered when dereferencing user pointers. This may allow a local attacker to crash the file system.
 - A flaw exists in the 'DTDScanner::scanChildren()' function in 'validators/DTD/DTDScanner.cpp' that is triggered when handling user requests. With a specially crafted request, a context-dependent attacker can cause the application linked against the library to exhaust resources causing it to stop responding or crash.
 - A flaw exists that is triggered when a local attacker sets environment variables that are processed by setuid programs. This may allow the attacker to execute commands with root privileges.
 - A flaw exists that is triggered when a local attacker supplies command line parameters to setuid programs. This may allow the attacker to execute commands with root privileges.
 - An overflow condition exists that is triggered as certain input is not properly validated. This may allow an authenticated remote attacker to cause a buffer overflow, potentially allowing them to bypass security restrictions and disclose sensitive information.
 - A flaw exists that is due to the program insecurely loading binaries planted in a location that a SETGID or SETUID binary would execute. This may allow a local attacker to gain elevated, root privileges.
 - A flaw exists in the 'SQLNP_SCOPE_TRIAL()' function that is triggered during the handling of SQL statements. This may allow an authenticated attacker to crash the database.
 - Multiple flaws exist in the Query Compiler QGM that is triggered when handling specific queries. With a specially crafted query, an authenticated attacker can cause the database to crash.

ID	Name	Product	Family	Severity
94582	IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.10 / 9.0 < 9.0.0.1 / Liberty 16.0 < 16.0.0.3 Information Disclosure	Nessus	Web Servers	low
9722	IBM WebSphere Application Server 9.0 < 9.0.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	medium
9720	IBM WebSphere Application Server 8.5 < 8.5.5.10 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	medium
9714	IBM WebSphere Application Server 8.0 < 8.0.0.12 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	low
9701	IBM WebSphere Application Server 7.0 < 7.0.0.41 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	low
9590	IBM DB2 10.5 < Fix Pack 8 / 11.x < 11.1 Multiple Vulnerabilities	Nessus Network Monitor	Database	critical

Detections

Analytics

CVE-2016-0385

low

Tenable Plugins

low

medium

medium

low

low

critical