IBM WebSphere Application Server < Multiple Vulnerabilities

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.

Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 6.1 before Fix Pack 25 appears to be
running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities :

- Non-standard HTTP methods are allowed. (PK73246)

- An error in the Single Sign-on (SSO) with SPNEGO implementation could allow a remote attacker to bypass security restrictions. (PK77465)

- 'wsadmin' is affected by a security exposure. (PK77495)

- Security flag 'isSecurityEnabled' is incorrectly set after migrating from VMM. (PK78134)

- In certain cases sensitive information may appear in the migration trace. (PK78134)

- Use of an insecure password obfuscation algorithm by Web services could result in weaker than expected security, provided the client module specifies a password in ibm-webservicesclient-bind.xmi and the target environment has custom password encryption enabled. (PK79275)

- Sensitive information might appear in trace files.

- XML digital signature is affected by a security issue.

- If CSIv2 Security is configured with Identity Assertion, it may be possible for a remote attacker to bypass security restrictions. (PK83097)

- IBM Stax XMLStreamWriter may write to an incorrect XML file, and hence is susceptible to an XML fuzzing attack.

- Configservice APIs could display sensitive information.

- A security bypass caused by inbound requests that lack a SOAPAction or WS-Addressing Action. (PK72138)

See also :

Solution :

If using WebSphere Application Server, apply Fix Pack 25 ( or

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false