IBM WebSphere Application Server < Multiple Vulnerabilities

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.

Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 6.0.2 before Fix Pack 31 appears to
be running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities:

- By sending a specially crafted HTTP request with the
'Host' header field set to more than 256 bytes, it may
be possible to crash the remote application server.

- An unspecified security exposure vulnerability exists if
the 'fileServing' feature is enabled. (PK64302)

- Web services security fails to honor Certificate
Revocation Lists (CRLs) configured in Certificate Store
Collections. (PK61258)

- Provided the Performance Monitoring Infrastructure (PMI) is
enabled, it may be possible for a local attacker to
obtain sensitive information.

See also :

Solution :

Apply Fix Pack 31 or later.

Risk factor :

Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 4.7
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 34501

Bugtraq ID: 31839

CVE ID: CVE-2008-4111