This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote application server may be affected by multiple
IBM WebSphere Application Server 8.5 before Fix Pack 18.104.22.168 appears to
be running on the remote host and is, therefore, potentially affected by
the following vulnerabilities :
- A flaw exists related to Apache Ant and file
compression that could lead to denial of service
conditions. (CVE-2012-2098 / PM90088)
- Unspecified errors exist related to the administration
console that could allow cross-site scripting attacks.
(CVE-2013-0460 / PM72275, CVE-2013-5418 / PM96477,
CVE-2013-5425 / PM93828)
- Multiple errors exist related to the IBM Eclipse Help
System that could allow cross-site scripting attacks
and information disclosure attacks. (CVE-2013-0464,
CVE-2013-0467, CVE-2013-0599 / PM89893)
- An input validation flaw exists in the optional
'mod_rewrite' module in the included IBM HTTP Server
that could allow arbitrary command execution via
HTTP requests containing certain escape sequences.
(CVE-2013-1862 / PM87808)
- A flaw exists related to the optional 'mod_dav'
module in the included IBM HTTP Server that could
allow denial of service conditions.
(CVE-2013-1896 / PM89996)
- A user-supplied input validation error exists that could
allow cross-site request forgery (CSRF) attacks to be
carried out. (CVE-2013-3029 / PM88746)
- User-supplied input validation errors exist related to
the administrative console that could allow cross-site
(CVE-2013-4004 / PM81571, CVE-2013-4005 / PM88208)
- An unspecified permissions error exists that could
allow a local attacker to obtain sensitive information.
Note this issue only affects the 'Liberty Profile'.
(CVE-2013-4006 / PM90472)
- An input validation error exists related to the UDDI
Administrative console that could allow cross-site
scripting attacks. (CVE-2013-4052 / PM91892)
- An attacker may gain elevated privileges because of
improper certificate checks. WS-Security and XML Digital
Signatures must be enabled. (CVE-2013-4053 / PM90949)
- An error exists related to incorrect Administration
Security roles and migrations from version 6.1.
(CVE-2013-5414 / PM92313)
- Unspecified input validation errors exist that could
allow cross-site scripting attacks. (CVE-2013-5417 /
PM93323 and PM93944)
See also :
Apply Fix Pack 22.214.171.124 for version 8.5 (126.96.36.199) or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.9
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 71229 ()
CVE ID: CVE-2012-2098
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now