IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 6.1 before Fix Pack 15 appears to be
running on the remote host. As such, it is reportedly affected by the
following vulnerabilities :

- There is an as-yet unspecified security exposure in
wsadmin (PK45726).

- Sensitive information might appear in clear text in
http_plugin.log file (PK48785).

- There is an as-yet unspecified potential security
exposure in the 'PropFilePasswordEncoder' utility
(PK52709).

- There is an as-yet unspecified potential security
exposure with 'serveServletsByClassnameEnabled'
(PK52059).

- Sensitive information may appear in plain text in
startserver.log (PK53198).

- If Fix Pack 9 has been installed, an attacker can complete
an internal application hashtable login by supplying no
password or an empty password when the JAAS login
functionality is enabled (PK54565).

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21404665
http://www-01.ibm.com/support/docview.wss?uid=swg27009778
http://www-01.ibm.com/support/docview.wss?uid=swg1PK54565
http://www-1.ibm.com/support/docview.wss?uid=swg27007951#61015

Solution :

If using WebSphere Application Server, apply Fix Pack 15 (6.1.0.15) or
later.

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.
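The check the advisory describes reduces to a version-range test: any 6.1 release below 6.1.0.15 is flagged, and PK54565 only applies once Fix Pack 9 is present. The following is an added example written for this page, not code from the Nessus plugin or from IBM. It assumes fix packs are cumulative (so 6.1.0.9 through 6.1.0.14 all "have Fix Pack 9 installed"), that the version string can be found as a dotted number inside whatever banner or file it was pulled from, and that only the 6.1 branch is in scope; the sample banners at the bottom are constructed.

```python
"""Version-range check for the WebSphere 6.1 fix-pack advisory above.

Added example, not part of the Nessus plugin. It encodes the page's two
conditions: any 6.1 release before Fix Pack 15 (6.1.0.15) is affected by the
listed APARs, and PK54565 (empty-password JAAS login) applies only once Fix
Pack 9 is installed, taken here to mean 6.1.0.9 <= version < 6.1.0.15
(assumption: fix packs are cumulative).
"""
import re
from typing import List, Optional, Tuple

FIXED_VERSION = (6, 1, 0, 15)        # Fix Pack 15, the fixed release
PK54565_INTRODUCED = (6, 1, 0, 9)    # Fix Pack 9, where PK54565 starts to apply

# APARs from the advisory that apply to every affected 6.1 level;
# PK54565 is range-limited and handled separately.
ALWAYS_AFFECTED = ["PK45726", "PK48785", "PK52709", "PK52059", "PK53198"]


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract a dotted version such as 'ND 6.1.0.13' or '6.1' as a 4-tuple.

    Missing trailing components are padded with 0, so '6.1' becomes
    (6, 1, 0, 0), i.e. the base release with no fix pack. Returns None when
    no dotted number is present. Comparing tuples rather than strings is the
    point: as strings '6.1.0.9' > '6.1.0.15', which would miss Fix Pack 9.
    """
    m = re.search(r"(\d+(?:\.\d+){0,3})", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    return (parts[0], parts[1], parts[2], parts[3])


def affected_apars(version_text: str) -> List[str]:
    """Return the APAR ids from the advisory that apply to this version.

    Only the 6.1 branch is evaluated; anything else returns [] because the
    advisory makes no claim about other branches.
    """
    v = parse_version(version_text)
    if v is None or v[:2] != (6, 1) or v >= FIXED_VERSION:
        return []
    apars = list(ALWAYS_AFFECTED)
    if v >= PK54565_INTRODUCED:
        apars.append("PK54565")
    return apars


def is_vulnerable(version_text: str) -> bool:
    """True when at least one listed APAR applies."""
    return bool(affected_apars(version_text))


if __name__ == "__main__":
    # Constructed sample banners, not real scanner output.
    for banner in ["6.1.0.7", "6.1.0.9", "6.1.0.13", "6.1.0.15", "6.1", "7.0.0.3"]:
        print(f"{banner:10} -> {affected_apars(banner)}")
```

The numeric tuple comparison is the part worth copying: a check that compares fix-pack levels as strings will report 6.1.0.9 as newer than 6.1.0.15 and silently skip the PK54565 range.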

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 45422

Bugtraq ID: 27400, 28216, 46449

CVE ID: CVE-2008-0740, CVE-2008-7274