IBM WebSphere Application Server < Multiple Vulnerabilities

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.

Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 6.0.2 before Fix Pack 35 appears to
be running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities:

- Non-standard HTTP methods are allowed. (PK73246)

- A login using the LTPAToken cookie may extend the LTPAToken
expiration time beyond the configured LTPAToken timeout
value. (PK75919)

- Cross-site scripting vulnerabilities exist in sample
applications. (PK76720)

- If the admin console is accessed directly over HTTP, the
console fails to redirect the connection to a secure (HTTPS)
login page. (PK77010)

- 'wsadmin' is affected by a security exposure.

- XML digital signature is affected by a security issue.

- In certain cases, application source files are exposed.

- Configservice APIs could display sensitive information.
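The following helpers are an added example, not part of the Nessus plugin or IBM's code: a numeric version check for the affected range this advisory describes (6.0.2 before Fix Pack 35) and a check of a captured plain-HTTP admin console response for the HTTPS redirect that PK77010 concerns. Function names, sample banners and the sample host/port are my own constructions.

```python
"""Offline triage helpers for this advisory: decide whether a reported
WebSphere version falls in the affected range (6.0.2 before Fix Pack 35)
and whether a captured admin console response redirects HTTP to HTTPS.
All version strings and HTTP responses used here are constructed samples."""
import re
from typing import Optional, Tuple

FIXED_BRANCH = (6, 0, 2)      # the release branch this advisory covers
FIXED_FIXPACK = 35            # Fix Pack 35 resolves the listed issues


def parse_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Extract a dotted numeric version such as 6.0.2.33 from a banner.
    A missing fix pack component (plain 6.0.2) is treated as fix pack 0."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\b", banner)
    if not m:
        return None
    major, minor, rel, fp = m.groups()
    return (int(major), int(minor), int(rel), int(fp or 0))


def is_affected(banner: str) -> bool:
    """True only for 6.0.2 builds whose fix pack number is below 35.
    Other branches (6.1, 7.0) are out of scope for this advisory, and the
    numeric comparison avoids the string trap where '6.0.2.9' > '6.0.2.35'."""
    v = parse_version(banner)
    if v is None or v[:3] != FIXED_BRANCH:
        return False
    return v[3] < FIXED_FIXPACK


def redirects_to_https(status_line: str, headers: dict) -> bool:
    """Check a captured plain-HTTP admin console response: the expected
    (fixed) behaviour is a 3xx redirect whose Location uses https."""
    try:
        code = int(status_line.split()[1])
    except (IndexError, ValueError):
        return False
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    return 300 <= code < 400 and location.lower().startswith("https://")


if __name__ == "__main__":
    # constructed sample banners; only the 6.0.2.x ones below 35 are affected
    for b in ["WebSphere Application Server 6.0.2.33", "6.0.2.35", "6.0.2", "7.0.0.1"]:
        print(b, "->", "affected" if is_affected(b) else "not affected")
    # constructed sample response from an admin console (hypothetical host/port)
    print(redirects_to_https("HTTP/1.1 302 Found",
                             {"Location": "https://appsrv.example:9043/ibm/console"}))
```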

Solution :

Apply Fix Pack 35 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 38978

Bugtraq ID: 35405

CVE ID: CVE-2009-1898