IBM WebSphere MQ 7.0.1.x / 7.1.0.x < 7.1.0.9 / 7.5.0.x < 7.5.0.8 / 8.0.0.x < 8.0.0.6 / 9.0.0.x < 9.0.0.1 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A message queuing service installed on the remote host is affected by
multiple vulnerabilities.

Description :

According to its self-reported version, the IBM WebSphere MQ server
installed on the remote Windows host is version 7.0.1.x without patch
APAR IT14385, 7.1.0.x prior to 7.1.0.9, 7.5.0.x prior to 7.5.0.8,
8.0.0.x prior to 8.0.0.6, or 9.0.0.x prior to 9.0.0.1. It is,
therefore, affected by multiple vulnerabilities :

- A flaw exists in the Java Message Service (JMS) in the
JMSObjectMessage class due to improper sanitization of
input when deserializing Java objects. An authenticated,
remote attacker can exploit this to execute arbitrary
code. (CVE-2016-0360)

- A flaw exists due to improper data conversion handling
that allows an authenticated, remote attacker to crash
the MQ channel. (CVE-2016-3013)

- A flaw exists that under nonstandard configurations
causes password data to be sent in cleartext over the
network. A man-in-the-middle attacker can exploit this
to disclose passwords. (CVE-2016-3052)

- An unspecified flaw exists that allows an authenticated,
remote attacker, who has access to the queue manager and
queue, to cause a denial of service to other channels
running under the same process. (CVE-2016-8915)

- A flaw exists that allows an unauthenticated, remote
attacker to have an unspecified impact. No other details
are available. (CVE-2016-8971)

- An unspecified flaw exists that allows an authenticated,
remote attacker, who has access to the queue manager,
to disrupt MQ channels using specially crafted HTTP
requests, resulting in a denial of service condition.
(CVE-2016-8986)

- An unspecified flaw exists that allows an authenticated,
remote attacker, who has authority to create cluster
objects, to cause a denial of service condition in
MQ clustering. (CVE-2016-9009)

See also :

https://www-01.ibm.com/support/docview.wss?uid=swg21983457
https://www-01.ibm.com/support/docview.wss?uid=swg1SE66318

Solution :

Apply the appropriate fix pack, APAR patch, or mitigation :

- For versions 7.0.1.x, apply the patch APAR IT14385 and
follow the instructions in the patch readme to apply
serialization whitelisting.

- For versions 7.1.0.x, apply fix pack 9 (7.1.0.9) when
available. In the interim, apply the patch APAR IT14385
and follow the instructions in the patch readme to apply
serialization whitelisting.

- For versions 7.5.0.x, apply fix pack 8 (7.5.0.8) when
available. In the interim, apply the patch APAR IT14385
and follow the instructions in the patch readme to apply
serialization whitelisting.

- For versions 8.0.0.x, apply fix pack 6 (8.0.0.6) when
available. In the interim, use JSON or XML rather than
ObjectMessage and enable MQ's Advanced Message Security
(AMS) mechanism.

- For versions 9.0.0.x, apply fix pack 1 (9.0.0.1) when
available. In the interim, apply the patch APAR IT14385
and follow the instructions in the patch readme to apply
serialization whitelisting.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now