VID |
22764 |
Severity |
30 |
Port |
8880, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
IBM WebSphere Application Server 8.5 prior to Fix Pack 10 is running on the remote host. It is, therefore, affected by an information disclosure vulnerability in the Administrative Console due to improperly setting the CSRFtoken cookie. An authenticated, remote attacker can exploit this to disclose sensitive information.
* Note: This check relies solely on the banner of the remote web server to assess this vulnerability, so this might be a false positive.
* References: http://www-01.ibm.com/support/docview.wss?uid=swg21980645
* Platforms Affected: IBM WebSphere Application Server versions 8.5 prior to 8.5 Fix Pack 10 |
Recommendation |
Upgrade to the latest version of IBM WebSphere Application Server (8.5.5.10 or later), available from the IBM Support & downloads Web site at http://www-01.ibm.com/support/docview.wss?uid=swg21980645. Alternatively, apply Interim Fix PI56917, available at http://www-01.ibm.com/support/docview.wss?uid=swg24042624 |
Related URL |
CVE-2016-0377 (CVE) |
Related URL |
92514 (SecurityFocus) |
Related URL |
(ISS) |
|