IBM WebSphere Application Server 6.0 < 6.0.2.43 Multiple Vulnerabilities

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 6.0 before Fix Pack 43 for 6.0.2
appears to be running on the remote host. As such, it is reportedly
affected by multiple vulnerabilities :

- The Web Container does not properly handle long
filenames, which could cause it to respond with the
incorrect file, resulting in the disclosure of
potentially sensitive information. (PM06111)

- An error occurs when the Web Container calls
response.sendRedirect on a response using chunked
Transfer-Encoding, which could cause a denial of
service. (PM08760)

- The web server can fail during an upload over SSL that
is larger than 2 GB. (PM10270)

- An unspecified XSS exists in the Administration
Console. (PM09250)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg27004980
http://www-01.ibm.com/support/docview.wss?uid=swg27006876#60243

Solution :

Apply Fix Pack 43 for version 6.0.2 (6.0.2.43) or later.
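The check a practitioner wants from this advisory is a version comparison: any 6.0.x level below 6.0.2.43 is affected, 6.0.2.43 and later are fixed, and other release branches (6.1, 7.0) are outside this advisory's scope. The following is an added example, not Nessus plugin code; it reads the "Version" line from a constructed sample of the output of IBM's versionInfo.sh tool (the column layout of that sample is an assumption) and applies the comparison.

```python
import re

# Branch and first fixed level taken from the advisory text above.
AFFECTED_BRANCH = (6, 0)
FIXED_LEVEL = (6, 0, 2, 43)


def parse_version(s):
    """Turn 'a.b.c.d' into a 4-tuple of ints; missing trailing fields become 0,
    so '6.0' compares as 6.0.0.0 (below every 6.0 fix pack)."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted numeric version: %r" % s)
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))[:4]


def is_affected(version):
    """True if the level is a 6.0.x below 6.0.2.43, False if 6.0.2.43 or later,
    None if the branch is not 6.0 (this advisory says nothing about it)."""
    v = parse_version(version)
    if v[:2] != AFFECTED_BRANCH:
        return None
    return v < FIXED_LEVEL


# Constructed sample modelled on WAS_HOME/bin/versionInfo.sh output; the exact
# surrounding fields are an assumption, only the "Version" line is relied on.
SAMPLE_VERSIONINFO = """\
Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server
Version               6.0.2.41
ID                    BASE
Build Level           cf410947.06
Build Date            11/25/09
"""


def version_from_versioninfo(text):
    """Extract the dotted version from a versionInfo-style report, or None."""
    m = re.search(r"^Version\s+(\d+(?:\.\d+)+)\s*$", text, re.M)
    return m.group(1) if m else None


if __name__ == "__main__":
    found = version_from_versioninfo(SAMPLE_VERSIONINFO)
    print("reported level:", found, "affected:", is_affected(found))
```

A None result is deliberately distinct from False: a 6.1 or 7.0 host is not "clean" on the strength of this advisory, it simply needs its own fix-pack comparison.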

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 49690

Bugtraq ID: 40277, 40321, 41081, 41149

CVE ID: CVE-2010-0776, CVE-2010-0777, CVE-2010-0779, CVE-2010-2327