VID: 22526
Severity: 30
Port: 8880, ...
Protocol: TCP
Class: WWW

Detailed Description:
IBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities:
- An error exists in the validation of the 'logoutExitPage' parameter that can allow a remote attacker to bypass security restrictions and redirect users in support of a phishing attack. (PM35701)
- An error exists in the handling of administration console requests. This error can allow a local attacker to use a specially crafted request to view sensitive stack-trace information. (PM36620)
* References: http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61039
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* Platforms Affected: IBM WebSphere Application Server versions 6.1 prior to 6.1.0.39 Fix Pack 39

Recommendation:
Upgrade to the latest version of IBM WebSphere Application Server 6.1 (Fix Pack 39 for 6.1 (6.1.0.39) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61039

Related URL: CVE-2011-1355, CVE-2011-1356 (CVE)
Related URL: 48709, 48710 (SecurityFocus)