Test ID:	1.3.6.1.4.1.25623.1.0.806624
Category:	Web Servers
Title:	IBM WebSphere Application Server RCE Vulnerability (Nov 2015) - Version Check
Summary:	IBM WebSphere Application Server is prone to a remote code; execution (RCE) vulnerability in Apache Commons Collections.
Description:	Summary: IBM WebSphere Application Server is prone to a remote code execution (RCE) vulnerability in Apache Commons Collections. Vulnerability Insight: The flaw exists due to presence of a deserialization error. Vulnerability Impact: Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Affected Software/OS: IBM WebSphere Application Server versions: - 16.0.0.2 through 17.0.0.3 (Liberty) - 8.5.0.0 through 8.5.5.7 (Liberty) - 8.5.0.0 through 8.5.5.7 (Traditional) - 8.0.0.0 through 8.0.0.11 (Traditional) - 7.0.0.0 through 7.0.0.39 (Traditional) Notes: - Liberty in all versions is only actively exploitable if using the optional EJB Embeddable Container and JPAClient features - Liberty versions 8.5.0.0 through 8.5.5.7 only enables the Apache Commons Collections and thus exploitable if one of the jsf-2.0, jsf-2.2 or jpa-2.0 features are enabled Solution: Updates and mitigations are available. Please see the references or vendor advisory for more information. Note: Please create an override for this result if only the mitigation / an interim fix was applied CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-7450 BugTraq ID: 77653 http://www.securityfocus.com/bid/77653 https://www.exploit-db.com/exploits/41613/ http://www.securitytracker.com/id/1035125
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.