IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.x <= 9.0.0.9 Multiple Vulnerabilities (711865)

high Nessus Plugin ID 141566
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote web application server is affected by multiple vulnerabilities

Description

The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.45, 8.0.0.x through 8.0.0.15, 8.5.0.x prior to 8.5.5.14 or 9.0.x prior to 9.0.0.9. It is, therefore, affected by multiple vulnerabilities related to Apache Struts, including the following:

- Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to manipulate the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1. (CVE-2014-0114)

- ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899. (CVE-2016-1181)

- ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. (CVE-2016-1182)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to IBM WebSphere Application Server 8.5.5.14, 9.0.0.9, or later. Alternatively, upgrade to the minimal fix pack levels required by the interim fix and then apply Interim Fix PI97162.

See Also

https://www.ibm.com/support/pages/node/711865

Plugin Details

Severity: High

ID: 141566

File Name: websphere_711865.nasl

Version: 1.4

Type: combined

Agent: windows, macosx, unix

Family: Web Servers

Published: 10/20/2020

Updated: 11/30/2020

Dependencies: websphere_detect.nasl, ibm_enum_products.nbin, ibm_websphere_application_server_nix_installed.nbin

Configuration: Enable paranoid mode

Risk Information

CVSS Score Source: CVE-2014-0114

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: installed_sw/IBM WebSphere Application Server, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/21/2018

Vulnerability Publication Date: 6/21/2018

Exploitable With

Metasploit (Apache Struts ClassLoader Manipulation Remote Code Execution)

Reference Information

CVE: CVE-2012-1007, CVE-2014-0114, CVE-2016-1181, CVE-2016-1182