IBM WebSphere MQ 7.1 / 7.5 Multiple Vulnerabilities

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has a service installed that is affected by
multiple vulnerabilities.

Description :

The version of IBM WebSphere MQ server is version 7.1 without Fix
Pack or 7.5 without Fix Pack It is, therefore,
affected by the following vulnerabilities :

- A flaw exists in Global Security Kit (GSkit) due to a
failure to properly validate data when the 'protection
mechanism' is executed against an SSL CBC timing attack.
A remote attacker, using crafted values in the TLS Record
Layer, can exploit this to cause a denial of service.

- A flaw exists in Global Security Kit (GSkit) due to a
failure to properly verify certificates, which can allow
a remote attacker to conduct a man-in-the-middle attack.

- An application can potentially put a sequence of large
messages into the queue, causing a buffer to overflow in
the queue manager. This can lead to a denial of service.

Solution :

Apply fix pack or later.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 63099

Bugtraq ID: 54743

CVE ID: CVE-2012-2191
