Vulnerability CVE-2016-2960 - CERT Civis.Net

Vulnerability Name:

CVE-2016-2960 (CCN-113805)

Assigned:

2016-08-04

Published:

2016-08-04

Updated:

2017-08-16

Summary:

IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x before 8.0.0.13, 8.5.0.x before 8.5.5.10, 8.5.0.x and 16.0.0.x Liberty before Liberty Fix Pack 16.0.0.3, and 9.0.0.x before 9.0.0.1 allows remote attackers to cause a denial of service via crafted SIP messages.

CVSS v3 Severity:

3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
3.2 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2016-2960

Source: AIXAPAR
Type: Broken Link
PI61548

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21984796

Source: CCN
Type: IBM Security Bulletin N1021649 (i)
IBM i Integrated Web Application Server version 8.5 is affected by multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 1984796 (WebSphere Application Server)
Potential denial of service with SIP Services (CVE-2016-2960)

Source: CCN
Type: IBM Security Bulletin 1988710 (WebSphere Application Server for Bluemix)
Multiple security vulnerabilities affect IBM WebSphere Application Server for Bluemix

Source: CCN
Type: IBM Security Bulletin 1990527 (Liberty for Java for Bluemix)
Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix

Source: CCN
Type: IBM Security Bulletin 1994916 (License Metric Tool)
A security vulnerabilities has been identified in WebSphere Liberty Profile shipped with IBM License Metric Tool v9 and IBM BigFix Inventory v9

Source: CCN
Type: IBM Security Bulletin C1000214 (MobileFirst Platform Foundation)
Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Worklight and IBM MobileFirst Platform Foundation

Source: BID
Type: UNKNOWN
92354

Source: CCN
Type: BID-92354
IBM WebSphere Application Server CVE-2016-2960 Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1036514

Source: XF
Type: UNKNOWN
ibm-websphere-cve20162960-dos(113805)

Vulnerable Configuration:

Configuration 1:

cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.28:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.32:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.33:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.34:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.35:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.36:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.37:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.38:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.39:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:7.0.0.41:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0.0.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.2:-:liberty_profile:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5.9:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*

AND

cpe:/o:ibm:i:6.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.1:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*

OR cpe:/o:ibm:i:7.3:*:*:*:*:*:*:*

Denotes that component is vulnerable