Vulnerability CVE-2013-2976 - CERT Civis.Net

Vulnerability Name:

CVE-2013-2976 (CCN-83965)

Assigned:

2013-06-14

Published:

2013-06-14

Updated:

2017-08-29

Summary:

The Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 does not properly perform caching, which allows local users to obtain sensitive information via unspecified vectors.

CVSS v3 Severity:

4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)
1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

1.9 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N)
1.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2013-2976

Source: AIXAPAR
Type: UNKNOWN
PM79992

Source: CCN
Type: IBM Security Bulletin 1640799
Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.29

Source: CCN
Type: IBM Security Bulletin 1644047
Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.7

Source: CONFIRM
Type: Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21644047

Source: CCN
Type: IBM Security Bulletin 1647522
Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.47

Source: XF
Type: UNKNOWN
was-cve20132976-info-disclosure(83965)

Source: XF
Type: UNKNOWN
was-cve20132976-info-disclosure(83965)

Source: CCN
Type: IBM Security Bulletin 1639553
Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.14:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.23:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.25:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.27:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.29:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.31:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.33:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.35:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.37:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.39:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.41:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.43:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.0.45:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:6.1.14:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.0.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*

Denotes that component is vulnerable