| VID |
22583 |
| Severity |
30 |
| Port |
8880, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
IBM WebSphere Application Server 8.0 before Fix Pack 6 appears to be running on the remote host and is potentially affected by the following vulnerabilities :
- An input validation error exists that could allow cross-site request forgery (XSRF) attacks. (CVE-2012-4853 / PM62920)
- The included Java SDK contains several errors that affect the application directly. (CVE-2013-0169, CVE-2013-0440, CVE-2013-0443)
- Input validation errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0458 / PM71139, CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846)
- An input validation error exists related to the administration console that could allow cross-site scripting attacks. Note that this issue affects only the application when running on z/OS operating systems. (CVE-2013-0459 / PM72536)
- An unspecified error could allow security bypass for authenticated users. (CVE-2013-0462 / PM76886 or PM79937)
- An error exists related to 'WS-Security' and SOAP message handling that could allow an attacker to spoof message signatures. (CVE-2013-0482 / PM76582)
- A buffer overflow error exists related to 'WebSphere Identity Manger (WIM)' that could allow denial of service attacks. (CVE-2013-0541 / PM74909)
- An unspecified error could allow security bypass, thus allowing remote attackers access to restricted resources on HP, Linux and Solaris hosts. (CVE-2013-0543 / PM75582)
- An unspecified error related to the administration console could allow directory traversal attacks on Unix and Linux hosts. (CVE-2013-0544 / PM82468)
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www-01.ibm.com/support/docview.wss?uid=swg21634646
http://www-01.ibm.com/support/docview.wss?uid=swg21627634
http://www-01.ibm.com/support/docview.wss?uid=swg24034673
* Platforms Affected:
IBM WebSphere Application Server versions 8.0 prior to 8.0 Fix Pack 6 |
| Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 8.0 (Fix Pack 6 for 8.0 (8.0.0.6) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24034673 |
| Related URL |
CVE-2012-4853,CVE-2013-0169,CVE-2013-0440,CVE-2013-0443,CVE-2013-0458,CVE-2013-0459,CVE-2013-0461,CVE-2013-0462,CVE-2013-0482,CVE-2013-0541 (CVE) |
| Related URL |
56458,57508,57509,57512,57513,57702,57712,57778,59246,59247,59248,59250,59251,59252,59650 (SecurityFocus) |
| Related URL |
(ISS) |
|
