VID 22546
Severity 30
Port 8880, ...
Protocol TCP
Class WWW
Detailed Description IBM WebSphere Application Server 8.0 before Fix Pack 2 appears to be running on the remote host and is potentially affected by the following vulnerabilities:

- An unspecified cross-site scripting issue exists related to the 'Web 2.0 Messaging service'. (PM37840)

- An unspecified error exists related to WS-Security enabled JAX-WS applications. (PM43585)

- Insecure file permissions are applied to the files in the '$WAS_HOME/systemapps/isclite.ear' and '$WAS_HOME/bin/client_ffdc' directories. These permissions can allow a local attacker to read or write files in those directories. Note that this issue only affects the application on the IBM i operating system. (PM49712)

- An error exists in the class 'javax.naming.directory.AttributeInUseException' that can allow old passwords to still provide access. This error is triggered when passwords are updated by using IBM Tivoli Directory Server. (PM52049)

* References:
http://www-01.ibm.com/support/docview.wss?uid=swg24031368
http://www-01.ibm.com/support/docview.wss?uid=swg21569205
ftp://public.dhe.ibm.com/software/websphere/appserv/support/fixes/PM53930/readme.txt
http://www-01.ibm.com/support/docview.wss?uid=swg27022958#8002

* Note: This check relies solely on the banner of the remote Web server to assess this vulnerability, so the result might be a false positive.

* Platforms Affected:
IBM WebSphere Application Server versions 8.0 prior to 8.0 Fix Pack 2
Recommendation Upgrade to the latest version of IBM WebSphere Application Server 8.0 (Fix Pack 2 for 8.0 (8.0.0.2) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24031368
Related URL CVE-2011-1376,CVE-2011-4889 (CVE)
Related URL 51420,52723 (SecurityFocus)
Related URL (ISS)