IBM WebSphere Application Server 6.0 < 6.0.2.25 Multiple Vulnerabilities

This script is Copyright (C) 2010-2011 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple
vulnerabilities.

Description :

IBM WebSphere Application Server 6.0.x before Fix Pack 25 appears to
be running on the remote host. Such versions are reportedly affected
by multiple vulnerabilities.

- An unspecified vulnerability in the Administrative
  Console involving monitor role users. (PK45768)

- WebSphere Application Server writes unspecified
  cleartext information to 'http_plugin.log' which might
  allow attackers to obtain sensitive information.
  (PK48785)

- An unspecified vulnerability in the
  'PropFilePasswordEncoder' utility. (PK52709)

- A header buffer-handling vulnerability with unspecified
  impact. (PK57746)

- An unspecified vulnerability in the 'UOWManager'.
  (PK51392)

See also :

http://www-1.ibm.com/support/docview.wss?uid=swg27006876#60225

Solution :

Apply Fix Pack 25 (6.0.2.25) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 45419

Bugtraq ID: 27400

CVE ID: CVE-2007-6679, CVE-2008-0740, CVE-2008-0741