This script is Copyright (C) 2016 Tenable Network Security, Inc.
A message queuing service installed on the remote host is affected
by multiple vulnerabilities.
According to its self-reported version, the IBM WebSphere MQ server
installed on the remote Windows host is version 7.1 without fix pack
18.104.22.168, 7.5 without fix pack 22.214.171.124, or 8.0 without fix pack
126.96.36.199. It is, therefore, affected by multiple vulnerabilities :
- A buffer overflow condition exists in IBM JVM due to
  improper validation of user-supplied input. An
  unauthenticated, remote attacker can exploit this to
  cause a denial of service condition or the execution of
  arbitrary code under limited circumstances.

- An unspecified flaw exists in the JCE subcomponent that
  allows an unauthenticated, remote attacker to disclose
  potentially sensitive information. (CVE-2016-3426)

- An unspecified flaw exists in the JMX subcomponent that
  allows an unauthenticated, remote attacker to impact
  confidentiality, integrity, and availability. No other
  details are available. (CVE-2016-3427)

See also :

Apply the appropriate fix pack according to the vendor advisory.
Alternatively, interim fix IT14908 can also be applied to mitigate
these vulnerabilities if a fix pack is not available.

Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false