| VID |
22465 |
| Severity |
30 |
| Port |
8880, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of IBM WebSphere Application Server which is older than 6.1.0.17 is running on the host. IBM WebSphere Application Server versions 6.1 prior to 6.1.0.17 could allow a remote attacker to obtain sensitive information, caused due to an unspecified error related to an attribute in the SOAP security header in Web Services applications. An attacker could exploit this vulnerability to cause a security exposure within the Web Services applications.
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951
http://www-1.ibm.com/support/docview.wss?uid=swg1PK61315
http://www.frsirt.com/english/advisories/2008/1734
http://securitytracker.com/alerts/2008/Jun/1020168.html
http://secunia.com/advisories/30526
* Platforms Affected:
IBM WebSphere Application Server versions 6.1 prior to 6.1.0.17 |
| Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server (6.1.0.17 Fix Pack 17 or later), available from the IBM Support & downloads Web site at http://www-1.ibm.com/support/docview.wss?uid=swg24019206 |
| Related URL |
CVE-2008-2550 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
42822 (ISS) |
|
