IBM WebSphere Application Server 8.5.5.x < 8.5.5.4 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 700046

Synopsis

The remote host is running an application server that is vulnerable to multiple attack vectors.

Description

The remote host appears to be running IBM WebSphere Application Server 8.5.5.x prior to 8.5.5.4. Such versions are potentially affected by multiple issues :

- An unspecified flaw exists that is triggered when handling a specially crafted HTTP method. This may allow a remote attacker to gain access to potentially sensitive cookie and authentication data, which can allow the attacker conduct further, more serious attacks on the system. (CVE-2014-3021)
- A flaw exists in the administrative console that allows a stored cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow an authenticated remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2014-4770)
- A flaw exists in the administrative console as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site Request Forgery (CSRF / XSRF) attack causing the victim to perform unspecified actions. (CVE-2014-4816)
- A flaw exists that can allow a context-dependent attacker to spoof the OpenID and OpenID connect cookies with a specially crafted URL. This may allow the attacker to gain access to potentially sensitive information. (CVE-2014-6164)
- An XXE (Xml eXternal Entity) injection flaw exists in the Communications Enabled Applications (CEA) service that is triggered during the parsing of XML data. The issue is due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. By sending specially crafted XML data, a remote attacker can gain access to potentially sensitive information. (CVE-2014-6166)
- A flaw exists that allows a reflected XSS attack. This flaw exists because the program does not validate input to session input using URL rewriting before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2014-6167)

Solution

Upgrade WebSphere Application Server to 8.5.5.4 or later.

See Also

https://www-304.ibm.com/support/docview.wss?uid=swg21690185

Plugin Details

Severity: Medium

ID: 700046

Family: Web Servers

Published: 4/4/2017

Updated: 3/6/2019

Nessus ID: 80398

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Patch Publication Date: 12/17/2014

Vulnerability Publication Date: 12/17/2014

Reference Information

CVE: CVE-2014-3021, CVE-2014-4770, CVE-2014-4816, CVE-2014-6164, CVE-2014-6166, CVE-2014-6167

BID: 69980, 69981, 70582, 71836, 71837, 71850