VID | 22506 |
Severity | 40 |
Port | 8880, ... |
Protocol | TCP |
Class | WWW |
Detailed Description |
IBM WebSphere Application Server 7.0 before Fix Pack 13 appears to be running on the remote host. Such versions are reportedly affected by the following vulnerabilities:
- A cross-site scripting vulnerability exists in the administrative console due to improper filtering on input values. (PM14251)
- A cross-site scripting vulnerability exists in the Integrated Solution Console due to improper filtering on input values. (PM11777)
- An unspecified cross-site request forgery vulnerability exists in the administrative console for WebSphere Application Server for z/OS. (PM18909)
- An unspecified cross-site scripting vulnerability exists in the administrative console for WebSphere Application Server for z/OS. (PM17046)
- An error exists in JAX-WS WS-Security which mishandles timestamps in the WS-SecurityPolicy specification. (PM16014)
- An error exists in the JAX-WS API which allows an attacker to cause a denial of service by sending a specially crafted JAX-WS request. The server will begin sending corrupt data to its clients. (PM13777)
- Apache Axis2/Java, used by WebSphere, is vulnerable to denial of service and information disclosure attacks due to an error in its XML DTD handling processes. (PM14844)
- An unspecified error exists in the administration console which can cause high CPU usage and denial of service when specially crafted URLs are requested. (PM11807)
* References: http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27014463#70013 https://issues.apache.org/jira/browse/AXIS2-4450
* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability, so the result might be a false positive.
* Platforms Affected: IBM WebSphere Application Server versions 7.0 prior to 7.0 Fix Pack 13 |
Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 7.0 (Fix Pack 13 for 7.0 (7.0.0.13) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27014463#70013 |
Related URL | CVE-2010-0781, CVE-2010-0783, CVE-2010-0784, CVE-2010-0785, CVE-2010-0786, CVE-2010-1632, CVE-2010-3186, CVE-2010-4220 (CVE) |
Related URL | 40976, 42801, 43425, 43874, 43875, 44670, 44862, 44875 (SecurityFocus) |