IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Flaws

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.

Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 6.1 before Fix Pack 21 appears to be
running on the remote host. As such, it is reportedly affected by
multiple flaws :

- Provided Performance Monitoring Infrastructure (PMI) is
  enabled, it may be possible for a local attacker to
  obtain sensitive information through 'Systemout.log' and
  'ffdc' files that are written by PerfServlet.

- SSL Configuration settings attribute 'Security Level'
  does not correctly enforce the level of encryption used
  by the application server. (PK63182)

Solution :

If using WebSphere Application Server, apply Fix Pack 21 ( or

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 35659

Bugtraq ID: 33700

CVE ID: CVE-2009-0434