VID |
22499 |
Severity |
30 |
Port |
8880, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
IBM WebSphere Application Server 6.0 before Fix Pack 43 for 6.0.2 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities:
- The Web Container does not properly handle long filenames, which may cause it to respond with the incorrect file, resulting in the disclosure of potentially sensitive information. (PM06111)
- An error occurs when the Web Container calls response.sendRedirect with Transfer-Encoding: chunked, which could cause a denial of service. (PM08760)
- The web server can fail during an upload over SSL that is larger than 2 GB. (PM10270)
- An unspecified XSS exists in the Administration Console. (PM09250)
* References: http://www-01.ibm.com/support/docview.wss?uid=swg27004980 http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60243
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* Platforms Affected: IBM WebSphere Application Server versions 6.x prior to 6.0.2.43 |
Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 6.0.2 (Fix Pack 43 for 6.0.2 (6.0.2.43) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60243 |
Related URL |
CVE-2010-0776,CVE-2010-0777,CVE-2010-0779,CVE-2010-2327 (CVE) |
Related URL |
40277,40321,41081,41149 (SecurityFocus) |