VID | 22536
Severity | 40
Port | 8880, ...
Protocol | TCP
Class | WWW
Detailed Description |
IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be running on the remote host and is potentially affected by the following vulnerabilities:
- An open redirect vulnerability exists related to the 'logoutExitPage' parameter. This can allow remote attackers to trick users into requesting unintended URLs. (PM35701)
- The administrative console can display a stack trace under unspecified circumstances and can disclose potentially sensitive information to local users. (PM36620)
- An unspecified error exists that can allow cross-site request forgery attacks. (PM36734)
- A token verification error exists in the bundled OpenSAML library. This error can allow an attacker to bypass security controls with an XML signature wrapping attack via SOAP messages. (PM43254)
- A directory traversal attack is possible via unspecified parameters in the 'help' servlet. (PM45322)
- The HTTP server contains an error in the 'ByteRange' filter and can allow denial of service attacks when processing malicious requests. (PM46234)
* References:
  http://www.ibm.com/support/docview.wss?uid=swg27022958
  http://www-01.ibm.com/support/docview.wss?uid=swg24030916
  http://www-01.ibm.com/support/docview.wss?uid=swg21512087
* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability, so the result may be a false positive.
* Platforms Affected: IBM WebSphere Application Server versions 8.0 prior to 8.0 Fix Pack 1
Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 8.0 (Fix Pack 1 for 8.0 (8.0.0.1) or later), available from the IBM Support & downloads Web site at http://www.ibm.com/support/docview.wss?uid=swg27022958
Related URL (CVE) | CVE-2011-1355, CVE-2011-1356, CVE-2011-1359, CVE-2011-3192, CVE-2011-1411
Related URL (SecurityFocus) | 48709, 48710, 48890, 49303, 49362, 49766
Related URL (ISS) |