| VID |
22463 |
| Severity |
30 |
| Port |
8880, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of IBM WebSphere Application Server which is older than 6.1.0.15 is running on the host. IBM WebSphere Application Server versions prior to 6.1.0.15 is vulnerable to multiple vulnerabilities, including information-disclosure issues and several vulnerabilities with unknown impact as follows:
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
1) An unspecified error exists in wsadmin within the Administrative Scripting Tools component. No further information is currently available.
2) An unspecified error exists within the PropFilePasswordEncoder utility. No further information is currently available.
3) The problem is that certain sensitive information are stored in clear text within the http_plugin.log file (Plug-in component) and startserver.log (System Management/Repository component).
* References:
http://www-1.ibm.com/support/docview.wss?uid=swg27007951
http://secunia.com/advisories/29335/
* Platforms Affected:
IBM WebSphere Application Server versions prior to 6.1.0.15 |
| Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server (6.1.0.15 Fix Pack 15 or later), available from the IBM Support & downloads Web site at http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61015 |
| Related URL |
CVE-2008-0740,CVE-2008-7274 (CVE) |
| Related URL |
27400,28216,46449 (SecurityFocus) |
| Related URL |
31542,31544,31545 (ISS) |
|
