This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote application server is affected by multiple vulnerabilities.
IBM WebSphere Application Server 6.0.2 before Fix Pack 35 appears to
be running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities :
- Non-standard HTTP methods are allowed. (PK73246)
- A login using the LTPAToken cookie may result in
  extending LTPAToken expiration time longer than the
  LTPAToken timeout value. (PK75919)
- Cross-site scripting vulnerabilities exist in sample
- If the admin console is accessed directly over HTTP,
  the console fails to redirect the connection to a
  secure login page. (PK77010)
- 'wsadmin' is affected by a security exposure.
- XML digital signature is affected by a security issue.
- In certain cases, application source files are exposed.
- Configservice APIs could display sensitive information.
Apply Fix Pack 35 (6.0.2.35) or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false