VID |
22606 |
Severity |
30 |
Port |
8880, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5.1 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities:
- A flaw exists related to Apache Ant and file compression that could lead to denial of service conditions. (CVE-2012-2098 / PM90088)
- Unspecified errors exist related to the administration console that could allow cross-site scripting attacks. (CVE-2013-0460 / PM72275, CVE-2013-5418 / PM96477, CVE-2013-5425 / PM93828)
- Multiple errors exist related to the IBM Eclipse Help System that could allow cross-site scripting attacks and information disclosure attacks. (CVE-2013-0464, CVE-2013-0467, CVE-2013-0599 / PM89893)
- An input-validation flaw exists in the optional 'mod_rewrite' module in the included IBM HTTP Server that could allow arbitrary command execution via HTTP requests containing certain escape sequences. (CVE-2013-1862 / PM87808)
- A flaw exists related to the optional 'mod_dav' module in the included IBM HTTP Server that could allow denial of service conditions. (CVE-2013-1896 / PM89996)
- A user-supplied input validation error exists that could allow cross-site request forgery (CSRF) attacks to be carried out. (CVE-2013-3029 / PM88746)
- User-supplied input validation errors exist related to the administrative console that could allow cross-site scripting attacks. (CVE-2013-4004 / PM81571, CVE-2013-4005 / PM88208)
- An unspecified permissions error exists that could allow a local attacker to obtain sensitive information. Note this issue only affects the 'Liberty Profile'. (CVE-2013-4006 / PM90472)
- An input-validation error exists related to the UDDI Administrative console that could allow cross-site scripting attacks. (CVE-2013-4052 / PM91892)
- An attacker may gain elevated privileges because of improper certificate checks. WS-Security and XML Digital Signatures must be enabled. (CVE-2013-4053 / PM90949)
- An error exists related to incorrect Administration Security roles and migrations from version 6.1. (CVE-2013-5414 / PM92313)
- Unspecified input-validation errors exist that could allow cross-site scripting attacks. (CVE-2013-5417 / PM93323 and PM93944)
* Note: This check relies solely on the banner of the remote web server to assess this vulnerability, so this might be a false positive.
* References: http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8551 http://www-01.ibm.com/support/docview.wss?&uid=swg21651880
* Platforms Affected: IBM WebSphere Application Server versions 8.5 prior to 8.5 Fix Pack 8.5.5.1 |
Recommendation |
Upgrade to IBM WebSphere Application Server 8.5.5.1 or later, available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8551 |
Related URL |
CVE-2012-2098,CVE-2013-0460,CVE-2013-0464,CVE-2013-0467,CVE-2013-0599,CVE-2013-1862,CVE-2013-1896,CVE-2013-3029,CVE-2013-4004,CVE-2013-4005 (CVE) |
Related URL |
53676,57510,58000,59826,60107,60246,61129,61901,61935,61937,62336,62338,63700,63778,63780,63781,63786 (SecurityFocus) |