Vulnerability CVE-2011-1308 - CERT Civis.Net

Vulnerability Name:

CVE-2011-1308 (CCN-65992)

Assigned:

2011-02-28

Published:

2011-02-28

Updated:

2017-08-17

Summary:

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2011-1308

Source: CCN
Type: SA44031
IBM WebSphere Application Server IVT Cross-Site Scripting Vulnerability

Source: CCN
Type: IBM APAR PM20393
Fix list for IBM WebSphere Application Server V7.0

Source: AIXAPAR
Type: UNKNOWN
PM20393

Source: CCN
Type: IBM Support and Downloads
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX

Source: CONFIRM
Type: UNKNOWN
http://www-01.ibm.com/support/docview.wss?uid=swg27014463

Source: CCN
Type: OSVDB ID: 71456
IBM WebSphere Application Server IVT Unspecified XSS

Source: CCN
Type: OSVDB ID: 78575
IBM WebSphere Application Server IVT Install Component Unspecified XSS

Source: BID
Type: UNKNOWN
46736

Source: CCN
Type: BID-46736
IBM WebSphere Application Server prior to 7.0.0.15 Multiple Security Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0564

Source: XF
Type: UNKNOWN
was-ivt-xss(65992)

Source: XF
Type: UNKNOWN
was-ivt-xss(65992)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:websphere_application_server:2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.0.21:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.5.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.5.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.5.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:3.52:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:4.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:4.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:4.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:4.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.14:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.0.2.16:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.14:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.16:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:5.1.1.17:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.1.17:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.28:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.30:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.0.2.32:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:*:*:*:*:*:*:*:* (Version <= 7.0.0.13)

Configuration CCN 1:

cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

Denotes that component is vulnerable