VID | 22555 |
Severity | 30 |
Port | 8880, ... |
Protocol | TCP |
Class | WWW |
Detailed Description |
IBM WebSphere Application Server 8.0 before Fix Pack 3 appears to be running on the remote host and is potentially affected by the following vulnerabilities:
- Unspecified cross-site scripting issues exist related to the administrative console. (PM52274, PM53132)
- An issue related to the weak randomization of Java hash data structures can allow a remote attacker to cause a denial of service with maliciously crafted POST requests. (PM53930)
- An unspecified error exists related to WS-Security enabled JAX-RPC applications. (PM45181)
* References: http://www-304.ibm.com/support/docview.wss?uid=swg21577532 http://www-304.ibm.com/support/docview.wss?uid=swg21589257
* Note: This check relied solely on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* Platforms Affected: IBM WebSphere Application Server versions 8.0 prior to 8.0 Fix Pack 3 |
Recommendation | Upgrade to the latest version of IBM WebSphere Application Server 8.0 (Fix Pack 3 for 8.0 (8.0.0.3) or later), available from the IBM Support & downloads Web site at http://www-304.ibm.com/support/docview.wss?uid=swg21577532 |
Related URL | CVE-2011-1377, CVE-2012-0193, CVE-2012-0716, CVE-2012-0720 (CVE) |
Related URL | 50310, 51441, 52721, 52722 (SecurityFocus) |