VID | 22515
Severity | 40
Port | 8880, ...
Protocol | TCP
Class | WWW
Detailed Description |
IBM WebSphere Application Server 7.0 before Fix Pack 15 appears to be running on the remote host. Such versions are reportedly affected by the following vulnerabilities:
- A double free error in BBOOORBR control block could trigger a denial of service condition. (PM17170)
- A cross-site scripting vulnerability exists in the web container. (PM18512)
- It is possible for authenticated users to trigger a DoS condition by using Lightweight Third-Party Authentication (LTPA) tokens for authentication. (PM18644)
- Sensitive wsadmin command parameters are included in trace files, which could result in an information disclosure vulnerability. (PM18736)
- A memory leak in 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' could trigger a DoS condition. (PM19500)
- It is possible to trigger a DoS condition via SAAJ API provided by the WebSphere Web services runtime. (PM19534)
- The Service Integration Bus (SIB) messaging engine is affected by a DoS issue. (PM19834)
- The installer creates a temporary log file directory with open '777' permissions. (PM20021)
- A cross-site scripting vulnerability exists in the IVT application. (PM20393)
- User credentials are not cleared from the cache, even after a user has logged out. (PM21536)
- Trace requests are not handled correctly, which could result in an unspecified issue. (PM22860)
- A memory leak in 'org.apache.jasper.runtime.JspWriterImpl.response' could trigger a denial of service condition. (PM23029)
- Under certain conditions, SIP proxy may stop processing UDP messages, resulting in a DoS condition. (PM23115)
- Memory leak in the messaging engine could trigger a denial of service condition. (PM23626)
- Improper access is allowed to certain control servlets. (PM24372)
- The AuthCache purge implementation is not able to purge a user in AuthCache. (PM24668)
- Incorrect security role mapping could occur while using J2EE 1.4 application. (PM25455)
- It is possible for Administrator role members to modify primary administrative id via the administrative console. (PK88606)
* References:
http://www-01.ibm.com/support/docview.wss?uid=swg1PM17170
http://www-01.ibm.com/support/docview.wss?uid=swg1PM18644
http://www-1.ibm.com/support/docview.wss?uid=swg1PM19500
http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534
http://www-1.ibm.com/support/docview.wss?uid=swg1PM19834
http://www-1.ibm.com/support/docview.wss?uid=swg1PM24668
http://www-1.ibm.com/support/docview.wss?uid=swg1PM21536
http://www-01.ibm.com/support/docview.wss?uid=swg1PM23115
http://www-1.ibm.com/support/docview.wss?uid=swg1PK88606
http://www-01.ibm.com/support/docview.wss?uid=swg27014463#70015
* Note: This check relies solely on the banner of the remote web server to assess this vulnerability, so the result may be a false positive.
* Platforms Affected: IBM WebSphere Application Server versions 7.0 prior to 7.0.0.15 (Fix Pack 15)
Recommendation | Upgrade to the latest version of IBM WebSphere Application Server 7.0 (Fix Pack 15 for 7.0 (7.0.0.15) or later), available from the IBM Support & downloads web site at http://www-01.ibm.com/support/docview.wss?uid=swg27014463#70015
Related URL | CVE-2011-0315, CVE-2011-0316, CVE-2011-1307, CVE-2011-1308, CVE-2011-1309, CVE-2011-1310, CVE-2011-1311, CVE-2011-1312, CVE-2011-1313, CVE-2011-1314 (CVE)
Related URL | 46736 (SecurityFocus)