Vulnerability CVE-2006-4136 - CERT Civis.Net

Vulnerability Name:

CVE-2006-4136 (CCN-28577)

Assigned:

2006-08-07

Published:

2006-08-07

Updated:

2011-03-08

Summary:

Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-200
CWE-264

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2006-4136

Source: CCN
Type: SA21440
IBM WebSphere Application Server Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
21440

Source: CCN
Type: IBM Support Web site
Fix list for WebSphere Application Server Version 6.1.0

Source: CONFIRM
Type: Patch
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951

Source: AIXAPAR
Type: Patch
PK24334

Source: AIXAPAR
Type: Patch
PK25199

Source: AIXAPAR
Type: Patch
PK26498

Source: CCN
Type: OSVDB ID: 27887
IBM WebSphere Application Server (WAS) SOAP Request/Response Unspecified Issue

Source: CCN
Type: OSVDB ID: 27888
IBM WebSphere Application Server (WAS) ThreadIdentitySupport Unspecified Authority Issue

Source: CCN
Type: OSVDB ID: 27889
IBM WebSphere Application Server (WAS) Unspecified mbean Issue

Source: BID
Type: Patch
19463

Source: CCN
Type: BID-19463
IBM WebSphere Application Server 6.1.0 Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-3262

Source: XF
Type: UNKNOWN
websphere-multiple-unspecified(28577)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version <= 6.1.0.0)

Configuration CCN 1:

cpe:/a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*

Denotes that component is vulnerable