IBM WebSphere Application Server 7.0 < Fix Pack 9

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.

Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 7.0 before Fix Pack 9 appears to be
running on the remote host. As such, it is reportedly affected by
multiple vulnerabilities :

- An unspecified cross-site scripting vulnerability in the
Administration Console. (PK97376)

- An error when defining a wsadmin scripting
'J2CConnectionFactory' object results in passwords being
stored unencrypted in the resources.xml file. (PK95089)

- An error related to the ORB ListenerThread could allow
remote, authenticated users to cause a denial of service.

Solution :

If using WebSphere Application Server, apply Fix Pack 9 ( or

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 45431

Bugtraq ID: 39051

CVE ID: CVE-2010-0768