VID |
22560 |
Severity |
30 |
Port |
8880, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
IBM WebSphere Application Server 8.0 before Fix Pack 4 appears to be running on the remote host and is potentially affected by the following vulnerabilities:
- An input-validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP requests. (CVE-2012-2159, CVE-2012-2161)
- An error exists related to 'Application Snoop Servlet' and missing access controls. This error can allow sensitive information to be disclosed. (CVE-2012-2170)
- Several errors exist related to SSL/TLS that can allow an attacker to carry out denial of service attacks against the application. (CVE-2012-2190, CVE-2012-2191)
- Unspecified cross-site scripting issues exist related to the administrative console. (CVE-2012-3293)
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References: http://www-01.ibm.com/support/docview.wss?uid=swg21606096 http://www-01.ibm.com/support/docview.wss?uid=swg27022958#8004
* Platforms Affected: IBM WebSphere Application Server versions 8.0 prior to 8.0 Fix Pack 4 |
Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 8.0 (Fix Pack 4 for 8.0 (8.0.0.4) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24033190 |
Related URL |
CVE-2012-2159,CVE-2012-2161,CVE-2012-2170,CVE-2012-2190,CVE-2012-2191,CVE-2012-3293 (CVE) |
Related URL |
53755,53884,54051,54743,54819 (SecurityFocus) |