| VID |
22486 |
| Severity |
30 |
| Port |
8880, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
IBM WebSphere Application Server 6.0 before Fix Pack 41 for 6.0.2 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities :
- An unspecified cross-site scripting vulnerability in the Administration Console. (PK97376)
- An error when defining a wsadmin scripting 'J2CConnectionFactory' object results in passwords being stored unencrypted in the resources.xml file. (PK95089)
- An error related to the ORB ListenerThread could allow remote authenticated users to cause a denial-of-service. (PK93653)
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www-01.ibm.com/support/docview.wss?uid=swg27004980
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27006876
* Platforms Affected:
IBM WebSphere Application Server versions 6.0 prior to 6.0.2.41 |
| Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 6.0 (Fix Pack 41 for 6.0.2 (6.0.2.41) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980 |
| Related URL |
CVE-2010-0768,CVE-2010-0769,CVE-2010-0770 (CVE) |
| Related URL |
39051,39056 (SecurityFocus) |
| Related URL |
(ISS) |
|
