IBM WebSphere Application Server 6.0 < 6.0.2.21 Multiple Vulnerabilities

This script is Copyright (C) 2010-2011 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple
vulnerabilities.

Description :

IBM WebSphere Application Server 6.0.x before Fix Pack 21 appears to
be running on the remote host. Such versions are reportedly affected
by multiple vulnerabilities.

- The web container sends response data intended for a
different request in certain circumstances after a
closed connection error. (PK41446)

- Multiple unspecified vulnerabilities. (PK33799, PK40213)

See also :

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60221
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24015854

Solution :

Apply Fix Pack 21 (6.0.2.21) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 45417

Bugtraq ID: 21636, 24608

CVE ID: CVE-2007-3397, CVE-2007-3960