VID |
22488 |
Severity |
40 |
Port |
8880, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
IBM WebSphere Application Server 7.0 before Fix Pack 11 appears to be running on the remote host. Such versions are reportedly affected by the following vulnerabilities :
- WS-Security processing problems with PKIPath and PKCS#7 tokens could lead to a security bypass vulnerability. (PK96427)
- An OutOfMemory condition related to the Deployment Manager and nodeagent could lead to a denial of service. (PM05663)
- The Web Container does not properly handle long filenames, which may cause it to respond with the incorrect file, resulting in the disclosure of potentially sensitive information. (PM06111)
- An information disclosure vulnerability exists when the '-trace' option (aka debugging mode) is enabled since WAS executes debugging statements that print string representations of unspecified objects. (PM06839)
- An error occurs when the Web Container calls response.sendRedirect() on a response using Transfer-Encoding: chunked, which could cause a denial of service. (PM08760)
- An information disclosure vulnerability in SIP logging could allow a local authenticated attacker to gain access to sensitive information. (PM08892)
- A possible NullPointerException when handling large chunked, gzip-encoded data. (PM08894)
- A possible link injection vulnerability. (PM09250)
- The web server can fail during an upload over SSL that is larger than 2 GB. (PM10270)
- Administration console sensitive information might appear in addNode.log when the -trace option is enabled. (PM10684)
- Cross-site scripting and URL injection vulnerability in admin console. (PM11778)
* References: http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27014463#70011
* Note: This check relied solely on the banner of the remote Web server to assess this vulnerability, so the result may be a false positive; the banner does not necessarily reveal the installed fix pack level.
* Platforms Affected: IBM WebSphere Application Server versions 7.0 prior to 7.0.0.11 |
Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 7.0 (Fix Pack 11 for 7.0 (7.0.0.11) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980 |
Related URL |
CVE-2010-0774,CVE-2010-0775,CVE-2010-0776,CVE-2010-0777,CVE-2010-0778,CVE-2010-0779,CVE-2010-1650,CVE-2010-1651,CVE-2010-2324,CVE-2010-2325 (CVE) |
Related URL |
40277,40321,40322,40325,40694,40699,41081,41084,41085,41091,41148,41149 (SecurityFocus) |
Related URL |
(ISS) |
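The note above says the check is banner-based and may produce false positives. The following is an added example (not the scanner's own check, and not code from IBM) of how such a banner-only assessment works and where the false positive comes from. It assumes a Server header of the shape "WebSphere Application Server/<version>" (the real banner format the scanner matches on is not shown on this page) and uses constructed sample responses; the fixed level 7.0.0.11 is taken from the advisory text.

```python
import re
from typing import Optional, Tuple

# First fixed level on the 7.0 branch, per the advisory: Fix Pack 11 (7.0.0.11).
FIXED_VERSION: Tuple[int, ...] = (7, 0, 0, 11)

# Assumed banner shape "WebSphere Application Server/<version>"; the real
# banner the scanner matches on is not shown on the page.
BANNER_RE = re.compile(r"WebSphere Application Server/(\d+(?:\.\d+)*)", re.IGNORECASE)


def server_header(raw_response: str) -> Optional[str]:
    """Pull the Server header value out of a raw HTTP response (headers only)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def parse_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Extract the dotted version from a banner as a tuple of ints, or None."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def assess(raw_response: str) -> str:
    """Classify a response the way a banner-only check can.

    Returns one of:
      'not-websphere'    no WebSphere banner at all
      'other-branch'     WebSphere, but not the 7.0 branch this check covers
      'fixpack-unknown'  banner says 7.0 (or 7.0.0) without a fix-pack level
      'vulnerable'       7.0.0.x with x < 11
      'patched'          7.0.0.11 or later
    """
    banner = server_header(raw_response)
    version = parse_version(banner) if banner else None
    if version is None:
        return "not-websphere"
    if version[:2] != (7, 0):
        return "other-branch"
    if len(version) < 4:
        # The false-positive case from the advisory note: a banner that only
        # carries major.minor cannot tell 7.0.0.10 from 7.0.0.11, so a scanner
        # that flags on "7.0" alone will report patched hosts as vulnerable.
        return "fixpack-unknown"
    return "patched" if version >= FIXED_VERSION else "vulnerable"


# Constructed sample responses (not captured from a real host).
SAMPLES = {
    "old":    "HTTP/1.1 200 OK\r\nServer: WebSphere Application Server/7.0.0.9\r\n\r\n",
    "fixed":  "HTTP/1.1 200 OK\r\nServer: WebSphere Application Server/7.0.0.11\r\n\r\n",
    "bare":   "HTTP/1.1 200 OK\r\nServer: WebSphere Application Server/7.0\r\n\r\n",
    "v61":    "HTTP/1.1 200 OK\r\nServer: WebSphere Application Server/6.1.0.29\r\n\r\n",
    "apache": "HTTP/1.1 200 OK\r\nServer: Apache/2.2.15\r\n\r\n",
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:7s} -> {assess(resp)}")
```

The "fixpack-unknown" outcome is the one to confirm by other means before acting on this finding: check the installed fix pack on the host itself (for example with the versionInfo command shipped with WebSphere) rather than trusting the banner.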