| VID |
22584 |
| Severity |
30 |
| Port |
8880, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
IBM WebSphere Application Server 8.5 before Fix Pack 2 appears to be running on the remote host and is potentially affected by the following vulnerabilities :
- The included Java SDK contains several errors that affect the application directly. (CVE-2013-0169, CVE-2013-0440, CVE-2013-0443)
- Input validation errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0458 / PM71139, CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846)
- An input validation error exists related to the administration console that could allow cross-site scripting attacks. Note that this issue affects only the application when running on z/OS operating systems. (CVE-2013-0459 / PM72536)
- An unspecified error could allow security bypass for authenticated users. (CVE-2013-0462 / PM76886 or PM79937)
- An error exists related to 'WS-Security' and SOAP message handling that could allow an attacker to spoof message signatures. (CVE-2013-0482 / PM76582)
- An error exists related to authentication cookies that could allow remote attackers to gain access to restricted resources. Note this only affects the application when running the 'Liberty Profile'. (CVE-2013-0540 / PM81056)
- A buffer overflow error exists related to 'WebSphere Identity Manger (WIM)' that could allow denial of service attacks. (CVE-2013-0541 / PM74909)
- An unspecified error could allow security bypass, thus allowing remote attackers access to restricted resources on HP, Linux and Solaris hosts. (CVE-2013-0543 / PM75582)
- An unspecified error related to the administration console could allow directory traversal attacks on Unix and Linux hosts. (CVE-2013-0544 / PM82468)
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
https://www-304.ibm.com/support/docview.wss?&uid=swg21632423
http://www-01.ibm.com/support/docview.wss?uid=swg21627634
http://www-01.ibm.com/support/docview.wss?uid=swg24034672
* Platforms Affected:
IBM WebSphere Application Server versions 8.5 prior to 8.5 Fix Pack 2 |
| Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server 8.5 (Fix Pack 2 for 8.5 (8.5.0.2) or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg24034672 |
| Related URL |
CVE-2013-0169,CVE-2013-0440,CVE-2013-0443,CVE-2013-0458,CVE-2013-0459,CVE-2013-0461,CVE-2013-0462,CVE-2013-0482,CVE-2013-0540,CVE-2013-0541 (CVE) |
| Related URL |
57508,57509,57512,57513,57702,57712,57778,59246,59247,59248,59250,59251,59252,59650 (SecurityFocus) |
| Related URL |
(ISS) |
|
