IBM WebSphere Commerce ResetPassword Servlet Caching Information Disclosure

Severity: Low | Nessus Plugin ID 17337

Synopsis

The remote web server is affected by an information disclosure issue.

Description

The remote host is running a version of IBM WebSphere Commerce that may allow an attacker to conduct a brute-force attack against users who have recently had their passwords invalidated in WebSphere Commerce and uncover private information.

Solution

Apply the WebSphere Commerce 5.6.0.2 fix pack or later. If you are running WebSphere Commerce v5.5, contact IBM product support and request APAR IY60949.

See Also

http://www.nessus.org/u?6c2e4505

Plugin Details

Severity: Low

ID: 17337

File Name: websphere_resetpassword_info_disclosure.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 3/16/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:ibm:websphere_commerce

Required KB Items: www/WebSphere

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 9/28/2004

Vulnerability Publication Date: 3/4/2005

Reference Information

BID: 12812