IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities - Nessus

High   Plugin ID: 84401

---

This page contains detailed information about the IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.

Plugin Overview

---

ID: 84401
Name: IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities
Filename: ibm_storwize_1_5_0_2.nasl
Vulnerability Published: 2007-01-03
This Plugin Published: 2015-06-26
Last Modification Time: 2019-11-22
Plugin Version: 1.10
Plugin Type: remote
Plugin Family: Misc.
Dependencies: ibm_storwize_detect.nbin
Required KB Items [?]: Host/IBM/Storwize/display_name, Host/IBM/Storwize/machine_major, Host/IBM/Storwize/version

Vulnerability Information

---

Severity: High
Vulnerability Published: 2007-01-03
Patch Published: 2015-07-15
CVE [?]: CVE-2007-6750, CVE-2013-4286, CVE-2013-4322, CVE-2014-0075, CVE-2014-0094, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0178, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-3077, CVE-2014-3493, CVE-2014-4811
CPE [?]: cpe:/a:ibm:san_volume_controller_software, cpe:/a:ibm:storwize_v3500_software, cpe:/a:ibm:storwize_v3700_software, cpe:/a:ibm:storwize_v5000_software, cpe:/a:ibm:storwize_v7000_software, cpe:/a:ibm:storwize_v7000_unified_software, cpe:/h:ibm:san_volume_controller, cpe:/h:ibm:storwize_unified_v7000, cpe:/h:ibm:storwize_v3500, cpe:/h:ibm:storwize_v3700, cpe:/h:ibm:storwize_v5000, cpe:/h:ibm:storwize_v7000

Synopsis

The remote IBM Storwize device is affected by multiple vulnerabilities.

Description

The remote IBM Storwize device is running a version that is 1.3.x prior to 1.4.3.4 or 1.5.x prior to 1.5.0.2. It is, therefore, affected by multiple vulnerabilities :

- A denial of service vulnerability exists due to a flaw in the bundled version of Apache HTTP Server. A remote attacker can exploit this, via partial HTTP requests, to cause a daemon outage, resulting in a denial of service condition. (CVE-2007-6750)

- An HTTP request smuggling vulnerability exists due to a flaw in the bundled version of Apache Tomcat; when an HTTP connector or AJP connector is used, Tomcat fails to properly handle certain inconsistent HTTP request headers. A remote attacker can exploit this flaw, via multiple Content-Length headers or a Content-Length header and a 'Transfer-Encoding: chunked' header, to smuggle an HTTP request in one or more Content-Length headers. (CVE-2013-4286)

- A denial of service vulnerability exists in the bundled version of Apache Tomcat due to improper processing of chunked transfer coding with a large amount of chunked data or whitespace characters in an HTTP header value within a trailer field. An unauthenticated, remote attacker can exploit this to cause a denial of service condition. (CVE-2013-4322)

- A denial of service vulnerability exists due to a flaw in the bundled version of Apache Tomcat; an integer overflow condition exists in the parseChunkHeader() function in ChunkedInputFilter.java. A remote attacker can exploit this, via a malformed chunk size that is part of a chunked request, to cause excessive consumption of resources, resulting in a denial of service condition. (CVE-2014-0075)

- A remote code execution vulnerability exists due to a flaw in the bundled version of Apache Struts. A remote attacker can manipulate the ClassLoader via the class parameter, resulting in the execution of arbitrary Java code. (CVE-2014-0094)

- An XML External Entity (XXE) injection vulnerability exists due to a flaw in the bundled version of Apache Tomcat; an incorrectly configured XML parser accepts XML external entities from an untrusted source via XSLT. A remote attacker can exploit this, by sending specially crafted XML data, to gain access to arbitrary files. (CVE-2014-0096)

- An integer overflow condition exists in the bundled version of Apache Tomcat. A remote attacker, via a crafted Content-Length HTTP header, can conduct HTTP request smuggling attacks. (CVE-2014-0099)

- An information disclosure vulnerability exists due to a flaw in the bundled version of Apache Tomcat. Tomcat fails to properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet. A remote attacker can exploit this, via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, to read arbitrary files. (CVE-2014-0119)

- A flaw exists in a bundled version of Samba due to a flaw in the vfswrap_fsctl() function that is triggered when responding to FSCTL_GET_SHADOW_COPY_DATA or FSCTL_SRV_ENUMERATE_SNAPSHOTS client requests. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose sensitive information from process memory. (CVE-2014-0178)

- Multiple flaws exist in the bundled version of Mozilla Firefox that allow a remote attacker to execute arbitrary code. (CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)

- An information disclosure vulnerability exists due to the chkauth password being saved in plaintext in the audit log. A local attacker can exploit this to gain administrator access. (CVE-2014-3077)

- A denial of service vulnerability exists due to a flaw in the bundled version of Samba. An authenticated, remote attacker can exploit this, via an attempt to read a Unicode pathname without specifying the use of Unicode, to cause an application crash. (CVE-2014-3493) - A security bypass vulnerability exists due to an unspecified flaw. A remote attacker can exploit this flaw to reset the administrator password to its default value via a direct request to the administrative IP address. Note that this vulnerability only affects the 1.4.x release levels. (CVE-2014-4811)

Solution

Upgrade to IBM Storwize version 1.4.3.4 / 1.5.0.2 or later.

Public Exploits

---

Target Network Port(s): N/A
Target Asset(s): N/A
Exploit Available: True (Metasploit Framework, Exploit-DB, GitHub, Core Impact)
Exploit Ease: Exploits are available

Here's the list of publicly known exploits and PoCs for verifying the IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities vulnerability:

1. Metasploit: exploit/multi/http/struts_code_exec_classloader
   [Apache Struts ClassLoader Manipulation Remote Code Execution]
2. Metasploit: auxiliary/dos/http/slowloris
   [Slowloris Denial of Service Attack]
3. Exploit-DB: exploits/multiple/remote/33142.rb
   [EDB-33142: Apache Struts - ClassLoader Manipulation Remote Code Execution (Metasploit)]
4. Exploit-DB: exploits/multiple/remote/41690.rb
   [EDB-41690: Apache Struts < 1.3.10 / < 2.3.16.2 - ClassLoader Manipulation Remote Code Execution (Metasploit)]
5. GitHub: https://github.com/3vil-Tux/Pentesting-Resources
   [CVE-2007-6750]
6. GitHub: https://github.com/Eutectico/Steel-Mountain
   [CVE-2007-6750]
7. GitHub: https://github.com/GiJ03/ReconScan
   [CVE-2007-6750]
8. GitHub: https://github.com/MrFrozenPepe/Pentest-Cheetsheet
   [CVE-2007-6750]
9. GitHub: https://github.com/RoliSoft/ReconScan
   [CVE-2007-6750]
10. GitHub: https://github.com/SebSundin/THM-Nmap
    [CVE-2007-6750]
11. GitHub: https://github.com/SexyBeast233/SecBooks
    [CVE-2007-6750]
12. GitHub: https://github.com/adamziaja/vulnerability-check
    [CVE-2007-6750]
13. GitHub: https://github.com/binglansky/Slowloris-DOS-Attack
    [CVE-2007-6750]
14. GitHub: https://github.com/giusepperuggiero96/Network-Security-2021
    [CVE-2007-6750]
15. GitHub: https://github.com/h0ussni/pwnloris
    [CVE-2007-6750]
16. GitHub: https://github.com/issdp/test
    [CVE-2007-6750]
17. GitHub: https://github.com/le37/slowloris
    [CVE-2007-6750]
18. GitHub: https://github.com/marcocastro100/Intrusion_Detection_System-Python
    [CVE-2007-6750]
19. GitHub: https://github.com/matoweb/Enumeration-Script
    [CVE-2007-6750]
20. GitHub: https://github.com/murilofurlan/trabalho-seguranca-redes
    [CVE-2007-6750]
21. GitHub: https://github.com/vshaliii/Basic-Pentesting-1-Vulnhub-Walkthrough
    [CVE-2007-6750]
22. GitHub: https://github.com/vshaliii/Cengbox1-Vulnhub-walkthrough
    [CVE-2007-6750]
23. GitHub: https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough
    [CVE-2007-6750]
24. GitHub: https://github.com/vshaliii/FristiLeaks-Vulnhub-Walkthrough
    [CVE-2007-6750]
25. GitHub: https://github.com/vshaliii/Investigator_1-vulnhub-writeup
    [CVE-2007-6750]
26. GitHub: https://github.com/HasegawaTadamitsu/CVE-2014-0094-test-program-for-struts1
    [CVE-2014-0094: CVE-2014-0094 test program for struts1]
27. GitHub: https://github.com/fupinglee/Struts2_Bugs
    [CVE-2014-0094]

Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.

WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.

Risk Information

---

CVSS Score Source [?]: CVE-2014-1557
CVSS V2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C

CVSS Base Score:	9.3 (High)
Impact Subscore:	10.0
Exploitability Subscore:	8.6
CVSS Temporal Score:	7.7 (High)
CVSS Environmental Score:	NA (None)
Modified Impact Subscore:	NA
Overall CVSS Score:	7.7 (High)

Go back to menu.

Plugin Source

---

This is the ibm_storwize_1_5_0_2.nasl nessus plugin source code. This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(84401);
  script_version("1.10");
  script_cvs_date("Date: 2019/11/22");

  script_cve_id(
    "CVE-2007-6750",
    "CVE-2013-4286",
    "CVE-2013-4322",
    "CVE-2014-0075",
    "CVE-2014-0094",
    "CVE-2014-0096",
    "CVE-2014-0099",
    "CVE-2014-0119",
    "CVE-2014-0178",
    "CVE-2014-1555",
    "CVE-2014-1556",
    "CVE-2014-1557",
    "CVE-2014-3077",
    "CVE-2014-3493",
    "CVE-2014-4811"
  );
  script_bugtraq_id(
    21865,
    65767,
    65773,
    65999,
    67667,
    67668,
    67669,
    67671,
    67686,
    68150,
    68814,
    68822,
    68824,
    69771,
    69773
  );
  script_xref(name:"CERT", value:"719225");

  script_name(english:"IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities");
  script_summary(english:"Checks for vulnerable Storwize versions.");

  script_set_attribute(attribute:"synopsis", value:
"The remote IBM Storwize device is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote IBM Storwize device is running a version that is 1.3.x
prior to 1.4.3.4 or 1.5.x prior to 1.5.0.2. It is, therefore, affected
by multiple vulnerabilities :

  - A denial of service vulnerability exists due to a flaw
    in the bundled version of Apache HTTP Server. A remote
    attacker can exploit this, via partial HTTP requests,
    to cause a daemon outage, resulting in a denial of
    service condition. (CVE-2007-6750)

  - An HTTP request smuggling vulnerability exists due to a
    flaw in the bundled version of Apache Tomcat; when an
    HTTP connector or AJP connector is used, Tomcat fails to
    properly handle certain inconsistent HTTP request
    headers. A remote attacker can exploit this flaw, via
    multiple Content-Length headers or a Content-Length
    header and a 'Transfer-Encoding: chunked' header, to
    smuggle an HTTP request in one or more Content-Length
    headers. (CVE-2013-4286)

  - A denial of service vulnerability exists in the bundled
    version of Apache Tomcat due to improper processing of
    chunked transfer coding with a large amount of chunked
    data or whitespace characters in an HTTP header value
    within a trailer field. An unauthenticated, remote
    attacker can exploit this to cause a denial of service
    condition. (CVE-2013-4322)

  - A denial of service vulnerability exists due to a flaw
    in the bundled version of Apache Tomcat; an integer
    overflow condition exists in the parseChunkHeader()
    function in ChunkedInputFilter.java. A remote attacker
    can exploit this, via a malformed chunk size that is
    part of a chunked request, to cause excessive
    consumption of resources, resulting in a denial of
    service condition. (CVE-2014-0075)

  - A remote code execution vulnerability exists due to a
    flaw in the bundled version of Apache Struts. A remote
    attacker can manipulate the ClassLoader via the class
    parameter, resulting in the execution of arbitrary Java
    code. (CVE-2014-0094)

  - An XML External Entity (XXE) injection vulnerability
    exists due to a flaw in the bundled version of Apache
    Tomcat; an incorrectly configured XML parser accepts
    XML external entities from an untrusted source via XSLT.
    A remote attacker can exploit this, by sending specially
    crafted XML data, to gain access to arbitrary files.
    (CVE-2014-0096)

  - An integer overflow condition exists in the bundled
    version of Apache Tomcat. A remote attacker, via a
    crafted Content-Length HTTP header, can conduct HTTP
    request smuggling attacks. (CVE-2014-0099)

  - An information disclosure vulnerability exists due to a
    flaw in the bundled version of Apache Tomcat. Tomcat
    fails to properly constrain the class loader that
    accesses the XML parser used with an XSLT stylesheet. A
    remote attacker can exploit this, via a crafted web
    application that provides an XML external entity
    declaration in conjunction with an entity reference, to
    read arbitrary files. (CVE-2014-0119)

  - A flaw exists in a bundled version of Samba due to a
    flaw in the vfswrap_fsctl() function that is triggered
    when responding to FSCTL_GET_SHADOW_COPY_DATA or
    FSCTL_SRV_ENUMERATE_SNAPSHOTS client requests. An
    unauthenticated, remote attacker can exploit this, via
    a specially crafted request, to disclose sensitive
    information from process memory. (CVE-2014-0178)

  - Multiple flaws exist in the bundled version of Mozilla
    Firefox that allow a remote attacker to execute
    arbitrary code. (CVE-2014-1555, CVE-2014-1556,
    CVE-2014-1557)

  - An information disclosure vulnerability exists due to
    the chkauth password being saved in plaintext in the
    audit log. A local attacker can exploit this to gain
    administrator access. (CVE-2014-3077)

  - A denial of service vulnerability exists due to a flaw
    in the bundled version of Samba. An authenticated,
    remote attacker can exploit this, via an attempt to read
    a Unicode pathname without specifying the use of
    Unicode, to cause an application crash. (CVE-2014-3493)
  
  - A security bypass vulnerability exists due to an
    unspecified flaw. A remote attacker can exploit this
    flaw to reset the administrator password to its default
    value via a direct request to the administrative IP
    address. Note that this vulnerability only affects the
    1.4.x release levels. (CVE-2014-4811)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004834");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004836");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004854");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004860");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004861");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004867");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004869");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004835");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM Storwize version 1.4.3.4 / 1.5.0.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1557");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/26");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_unified_v7000");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v7000");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v5000");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v3700");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:storwize_v3500");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:ibm:san_volume_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v7000_unified_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v7000_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v5000_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v3700_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:storwize_v3500_software");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:san_volume_controller_software");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ibm_storwize_detect.nbin");
  script_require_keys("Host/IBM/Storwize/version", "Host/IBM/Storwize/machine_major", "Host/IBM/Storwize/display_name");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("Host/IBM/Storwize/version");
machine_major = get_kb_item_or_exit("Host/IBM/Storwize/machine_major");
display_name = get_kb_item_or_exit("Host/IBM/Storwize/display_name");

if (
  machine_major != "2073" && # V7000 Unified
  machine_major != "2071" && # V3500
  machine_major != "2072" && # V3700
  machine_major != "2076" && # V7000
  machine_major != "2077" && # V5000
  machine_major != "2145" && # SAN Volume Controller
  machine_major != "4939"    # Flex System V7000 Storage Node
) audit(AUDIT_DEVICE_NOT_VULN, display_name);

if (version == UNKNOWN_VER || version == "Unknown")
  audit(AUDIT_UNKNOWN_APP_VER, display_name);

if (machine_major == "2073")
{
  if (version =~ "^1\.[3-4]\.") fix = "1.4.3.4";
  else if (version =~ "^1\.5\.") fix = "1.5.0.2";
  else audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
}
else
{
  if (version =~ "^((6\.[1234])|(7\.[12]))\.") fix = "7.2.0.8";
  else if (version =~ "^7\.3\.") fix = "7.3.0.5";
  else audit(AUDIT_DEVICE_NOT_VULN, display_name, version);
}

if (ver_compare(ver:version, fix:fix, strict:FALSE) >= 0)
  audit(AUDIT_DEVICE_NOT_VULN, display_name, version);

if (report_verbosity > 0)
{
  report =
    '\n  Name              : ' + display_name +
    '\n  Installed version : ' + version +
    '\n  Fixed version     : ' + fix +
    '\n';
  security_hole(port:0, extra:report);
}
else security_hole(port:0);

The latest version of this script can be found in these locations depending on your platform:

• Linux / Unix:
  /opt/nessus/lib/nessus/plugins/ibm_storwize_1_5_0_2.nasl
• Windows:
  C:\ProgramData\Tenable\Nessus\nessus\plugins\ibm_storwize_1_5_0_2.nasl
• Mac OS X:
  /Library/Nessus/run/lib/nessus/plugins/ibm_storwize_1_5_0_2.nasl

Go back to menu.

How to Run

---

Here is how to run the IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities as a standalone plugin via the Nessus web user interface (https://localhost:8834/):

1. Click to start a New Scan.
2. Select Advanced Scan.
3. Navigate to the Plugins tab.
4. On the top right corner click to Disable All plugins.
5. On the left side table select Misc. plugin family.
6. On the right side table select IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities plugin ID 84401.
7. Specify the target on the Settings tab and click to Save the scan.
8. Run the scan.

Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.

Basic usage:

/opt/nessus/bin/nasl ibm_storwize_1_5_0_2.nasl -t <IP/HOST>

Run the plugin with audit trail message on the console:

/opt/nessus/bin/nasl -a ibm_storwize_1_5_0_2.nasl -t <IP/HOST>

Run the plugin with trace script execution written to the console (useful for debugging):

/opt/nessus/bin/nasl -T - ibm_storwize_1_5_0_2.nasl -t <IP/HOST>

Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):

/opt/nessus/bin/nasl -K /tmp/state ibm_storwize_1_5_0_2.nasl -t <IP/HOST>

Go back to menu.

References

---

BID | SecurityFocus Bugtraq ID:

• 21865, 65767, 65773, 65999, 67667, 67668, 67669, 67671, 67686, 68150, 68814, 68822, 68824, 69771, 69773

CERT | Computer Emergency Response Team:

• 719225

See also:

• https://www.tenable.com/plugins/nessus/84401
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004834
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004835
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004836
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004837
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004854
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004860
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004861
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004867
• http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004869
• https://vulners.com/nessus/IBM_STORWIZE_1_5_0_2.NASL

Similar and related Nessus plugins:

• 45004 - Apache 2.2.x < 2.2.15 Multiple Vulnerabilities
• 73675 - CentOS 6 : tomcat6 (CESA-2014:0429)
• 73421 - Debian DSA-2897-1 : tomcat7 - security update
• 97419 - F5 Networks BIG-IP : Slowloris denial-of-service attack vulnerability (K12636)
• 77928 - Fedora 20 : tomcat-7.0.52-1.fc20 (2014-11048)
• 70085 - GLSA-201309-12 : Apache HTTP Server: Multiple vulnerabilities
• 79982 - GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilities
• 91222 - HP System Management Homepage Multiple Vulnerabilities (HPSBMU03593)
• 99128 - macOS : macOS Server < 5.3 Multiple Vulnerabilities
• 83293 - MySQL Enterprise Monitor < 2.3.17 Multiple Vulnerabilities
• 83295 - MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities
• 78749 - Oracle Enterprise Data Quality Multiple Vulnerabilities (October 2014 CPU)
• 73677 - Oracle Linux 6 : tomcat6 (ELSA-2014-0429)
• 76570 - Oracle Secure Global Desktop Multiple Vulnerabilities (July 2014 CPU)
• 73678 - RHEL 6 : tomcat6 (RHSA-2014:0429)
• 76240 - RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0525)
• 76241 - RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0526)
• 73203 - Apache Struts 2 'class' Parameter ClassLoader Manipulation
• 117393 - Apache Struts 2.x < 2.3.16.2 Multiple Vulnerabilities (S2-020)
• 81105 - Apache Struts 2.0.0 < 2.3.16.1 Multiple Vulnerabilities (credentialed check) (Deprecated)
• 83578 - SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1)
• 72874 - Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : tomcat6, tomcat7 vulnerabilities (USN-2130-1)
• 76388 - VMware vCenter Operations Management Suite Multiple Vulnerabilities (VMSA-2014-0007)
• 77728 - VMware Security Updates for vCenter Server (VMSA-2014-0008)
• 77630 - VMSA-2014-0008 : VMware vSphere product updates to third-party libraries
• 73763 - Apache Struts 2 ClassLoader Manipulation Incomplete Fix for Security Bypass

Version

---

This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file ibm_storwize_1_5_0_2.nasl version 1.10. For more plugins, visit the Nessus Plugin Library.

Go back to menu.