IBM WebSphere Application Server 6.0 < Multiple Vulnerabilities

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.

Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 6.0 before Fix Pack 43 for 6.0.2
appears to be running on the remote host. As such, it is reportedly
affected by multiple vulnerabilities :

- The Web Container does not properly handle long
filenames, which could cause it to respond with the
incorrect file, resulting in the disclosure of
potentially sensitive information. (PM06111)

- An error occurs when the Web Container calls
response.sendRedirect with Transfer-Encoding: chunked,
which could cause a denial of service. (PM08760)

- The web server can fail during an upload over SSL that
is larger than 2 GB. (PM10270)

- An unspecified XSS exists in the Administration
Console. (PM09250)

Solution :

Apply Fix Pack 43 for version 6.0.2 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 49690

Bugtraq ID: 40277

CVE ID: CVE-2010-0776