IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.

The remote host appears to be running IBM WebSphere Application Server 8.0.0.x prior to 8.0.0.13.  Such versions are potentially affected by multiple issues :

 - A flaw exists that is triggered as CRLF (Carriage Return and Line Feed) character sequences are not properly sanitized before being included in HTTP responses. This allows a remote attacker to inject additional headers into responses to conduct HTTP response splitting attacks.
 - A flaw exists that is triggered during the handling of specially crafted SIP messages. This may allow a remote attacker to cause a denial of service.
 - An unspecified flaw exists that is triggered during the handling of responses. This may allow a remote attacker gain access to sensitive server identification information.
 - A flaw exists that is due to the program setting insecure unspecified flags on CSRF token cookies, which may allow an attacker to have an unspecified impact. No further details have been provided by the vendor. Based on past disclosures from IBM, this is likely the 'secure' and/or 'HttpOnly' flag.
 - An unspecified flaw exists that is triggered as input is not properly sanitized when deserializing Java objects. This may allow an authenticated remote attacker to potentially execute arbitrary code.

The remote host appears to be running IBM WebSphere Application Server 7.0.0.x prior to 7.0.0.43. Such versions are potentially affected by multiple issues :

 - A flaw exists that is triggered as CRLF (Carriage Return and Line Feed) character sequences are not properly sanitized before being included in HTTP responses. This allows a remote attacker to inject additional headers into responses to conduct HTTP response splitting attacks.
 - A flaw exists that is triggered during the handling of specially crafted SIP messages. This may allow a remote attacker to cause a denial of service.
 - An unspecified flaw exists that is triggered during the handling of responses. This may allow a remote attacker gain access to sensitive server identification information.
 - A flaw exists that is due to the program setting insecure unspecified flags on CSRF token cookies, which may allow an attacker to have an unspecified impact. No further details have been provided by the vendor. Based on past disclosures from IBM, this is likely the 'secure' and/or 'HttpOnly' flag.
 - An unspecified flaw exists that is triggered as input is not properly sanitized when deserializing Java objects. This may allow an authenticated remote attacker to potentially execute arbitrary code.

The remote host appears to be running IBM WebSphere Application Server 9.0 prior to 9.0.0.2.  Such versions are potentially affected by multiple issues :

 - A flaw exists that is triggered during the handling of responses.  This may allow a remote attacker gain access to sensitive server identification information.
 - A flaw exists that is triggered as input is not properly sanitized when deserializing Java objects.  This may allow an authenticated remote attacker to potentially execute arbitrary code.
 - An unspecified flaw exists that is triggered during the handling of SOAP requests.  This may allow a remote attacker to gain access to potentially sensitive information.

The remote host appears to be running IBM WebSphere Application Server 8.5 prior to 8.5.5.11.  Such versions are potentially affected by multiple issues :

 - A flaw exists that is triggered during the handling of responses.  This may allow a remote attacker gain access to sensitive server identification information.
 - A flaw exists that is triggered as input is not properly sanitized when deserializing Java objects.  This may allow an authenticated remote attacker to potentially execute arbitrary code.

The IBM WebSphere Application Server running on the remote host is version 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, 8.5 prior to 8.5.5.11, or 9.0 prior to 9.0.0.2. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists due to     improper sanitization user-supplied input when     deserializing Java objects. An authenticated, remote     attacker can exploit this, via a crafted serialized     object, to execute arbitrary Java code. (CVE-2016-5983)

  - An information disclosure vulnerability exists due to     improper handling of responses. An unauthenticated,     remote attacker can exploit this to disclose sensitive     server identification information. (CVE-2016-5986)

ID	Name	Product	Family	Severity
700016	IBM WebSphere Application Server 8.0.0.x < 8.0.0.13 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	low
700015	IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	low
9881	IBM WebSphere Application Server 9.0 < 9.0.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
9880	IBM WebSphere Application Server 8.5 < 8.5.5.11 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
94512	IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.11 / 9.0 < 9.0.0.2 Multiple Vulnerabilities	Nessus	Web Servers	high

Detections

Analytics

CVE-2016-5983

high

Tenable Plugins

low

low

high

high

high