This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.
The remote application server is affected by multiple vulnerabilities.
IBM WebSphere Application Server 7.0 before Fix Pack 7 appears to be
running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities :
- A cross-site request forgery vulnerability exists due
to insufficient validation of user-supplied input by
the administrative console. (PK87176)
- Due to an error in Java Naming and Directory Interface,
it may be possible to obtain sensitive information.
- The administrative console is affected by a
cross-site scripting vulnerability. (PK92057)
- It may be possible to bypass security restrictions
using a specially crafted HTTP HEAD method.
See also :
Apply Fix Pack 7 (22.214.171.124) or later.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.8
Public Exploit Available : true