IBM WebSphere Application Server 6.1 < 6.1.0.37 Multiple Vulnerabilities

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 6.1 before Fix Pack 37 appears to be
running on the remote host. As such, it is potentially affected by
the following vulnerabilities :

- It is possible to trigger a DoS condition via the SAAJ
API provided by the WebSphere Web services runtime.
(PM19534)

- An unspecified cross-site scripting vulnerability
exists in the IVT application. (PM20393)

- The AuthCache purge implementation is not able to
purge a user in AuthCache. (PM24668)

- A remote attacker can gain unspecified application access
on z/OS, when a Local OS user registry or Federated
Repository with RACF adapter is used. (PM35478)

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21404665
http://www-01.ibm.com/support/docview.wss?uid=swg27009778
http://www-01.ibm.com/support/docview.wss?uid=swg21473989
http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534
http://www-1.ibm.com/support/docview.wss?uid=swg1PM24668
http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61037

Solution :

If using WebSphere Application Server, apply Fix Pack 37 (6.1.0.37) or
later.

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.
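The check the advisory implies is a fix-pack comparison: a 6.1 build is affected only if its fourth version component is below 37. The following is an added example (not the Tenable plugin's code) of such a gate; `is_vulnerable_61` and `parse_version` are names chosen here, and it deliberately answers "unknown" for other branches or for versions that do not carry a fix-pack level.

```python
"""Fix-pack gate for IBM WebSphere Application Server 6.1 (added example)."""
import re
from typing import Optional, Tuple

# 6.1.0.37 is the fixed level named in the advisory's Solution section.
FIXED_61 = (6, 1, 0, 37)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn a dotted WebSphere version such as '6.1.0.35' into a tuple of ints.

    Returns None when the string is not a purely numeric dotted version,
    so banner garbage never gets silently compared as a version.
    """
    cleaned = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+){1,3}", cleaned):
        return None
    return tuple(int(part) for part in cleaned.split("."))


def is_vulnerable_61(version_text: str) -> Optional[bool]:
    """Decide whether a reported version falls under this advisory.

    True  -> a 6.1 build older than Fix Pack 37 (6.1.0.37)
    False -> 6.1.0.37 or a later 6.1 fix pack
    None  -> not the 6.1 branch, or no fix-pack level reported; such hosts
             need a different check rather than being marked clean.
    """
    version = parse_version(version_text)
    if version is None or version[:2] != (6, 1):
        return None
    if len(version) < 4:
        return None  # '6.1' or '6.1.0' alone does not tell us the fix pack
    return version < FIXED_61


if __name__ == "__main__":
    # Constructed sample banners, not values taken from a real host.
    for sample in ("6.1.0.35", "6.1.0.37", "6.1.0.41", "7.0.0.15", "6.1"):
        print(f"{sample!r}: {is_vulnerable_61(sample)}")
```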

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 53475

Bugtraq ID: 46736, 47122

CVE ID: CVE-2011-1308, CVE-2011-1321, CVE-2011-1322, CVE-2011-1683