IBM WebSphere Application Server 6.0 < 6.0.2.43 Multiple Vulnerabilities

medium Nessus Plugin ID 49690

Synopsis

The remote application server is affected by multiple vulnerabilities.

Description

IBM WebSphere Application Server 6.0 before Fix Pack 43 for 6.0.2 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities :

- The Web Container does not properly handle long filenames, which could cause it to respond with the incorrect file, resulting in the disclosure of potentially sensitive information. (PM06111)

- An error occurs when the Web Contained calls response.sendRedirect with a Transfer-Encoding chunked, which could cause a denial of service. (PM08760)

- The web server can fail during an upload over SSL that is larger than 2 GB. (PM10270)

- An unspecified XSS exists in the Administration Console. (PM09250)

Solution

Apply Fix Pack 43 for version 6.0.2 (6.0.2.43) or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg27004980

http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60243

Plugin Details

Severity: Medium

ID: 49690

File Name: websphere_6_0_2_43.nasl

Version: 1.9

Type: remote

Family: Web Servers

Published: 9/28/2010

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere

Exploit Ease: No known exploits are available

Patch Publication Date: 9/27/2010

Vulnerability Publication Date: 5/9/2010

Reference Information

CVE: CVE-2010-0776, CVE-2010-0777, CVE-2010-0779, CVE-2010-2327

BID: 40277, 40321, 41081, 41149