This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote application server is affected by multiple vulnerabilities.
IBM WebSphere Application Server 6.0.2 before Fix Pack 35 appears to
be running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities :
- Non-standard HTTP methods are allowed. (PK73246)
- A login using the LTPAToken cookie may result in
extending the LTPAToken expiration time beyond the
LTPAToken timeout value. (PK75919)
- Cross-site scripting vulnerabilities exist in sample
- If the admin console is accessed directly over HTTP,
the console fails to redirect the connection to a
secure login page. (PK77010)
- 'wsadmin' is affected by a security exposure.
- XML digital signature is affected by a security issue.
- In certain cases, application source files are exposed.
- Configservice APIs could display sensitive information.
See also :
Apply Fix Pack 35 (188.8.131.52) or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 38978
Bugtraq ID: 35405
CVE ID: CVE-2009-1898, CVE-2009-1899, CVE-2009-1900, CVE-2009-1901