VID | 22511
Severity | 30
Port | 8880, ...
Protocol | TCP
Class | WWW
Detailed Description |
IBM WebSphere Application Server 6.1 before Fix Pack 35 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities:
- An unspecified cross-site scripting vulnerability exists in the Administration Console. (PM14251)
- An unspecified cross-site scripting vulnerability exists in the web container. (PM18512)
- An unspecified cross-site request forgery vulnerability exists in the Administration Console. (PM18909)
- An unspecified vulnerability could allow improper access to console servlets. (PM24372)
* References: http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61035
* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability, so the result might be a false positive.
* Platforms Affected: IBM WebSphere Application Server versions 6.1 prior to 6.1.0 Fix Pack 35 |
Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 6.1 (Fix Pack 35 for 6.1 (6.1.0.35) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61035 |
Related URL | CVE-2010-0783, CVE-2010-0785, CVE-2011-0315, CVE-2011-0316 (CVE)
Related URL | 43875, 44670, 45800, 45802 (SecurityFocus)