This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote application server may be affected by multiple vulnerabilities.
IBM WebSphere Application Server 7.0 before Fix Pack 19 appears to be
running on the remote host. As such, it is potentially affected by
the following vulnerabilities :
- An open redirect vulnerability exists related to the
'logoutExitPage' parameter. This can allow remote
attackers to trick users into requesting unintended
- The administrative console can display a stack trace
under unspecified circumstances and can disclose
potentially sensitive information to local users.
- The Installation Verification Tool servlet (IVT) does
not properly sanitize user-supplied input of arbitrary
HTML and script code, which could allow cross-site
scripting attacks. (PM40733)
- A token verification error exists in the bundled
OpenSAML library. This error can allow an attacker to
bypass security controls with an XML signature wrapping
attack via SOAP messages. (PM43254)
- A directory traversal attack is possible via unspecified
parameters in the 'help' servlet. (PM45322)
See also :
If using WebSphere Application Server, apply Fix Pack 19 (188.8.131.52) or
Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.
Risk factor :
Medium / CVSS Base Score : 5.8
CVSS Temporal Score : 4.3
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 56229 ()
Bugtraq ID: 48709487104889049362
CVE ID: CVE-2011-1355CVE-2011-1356CVE-2011-1359CVE-2011-1362CVE-2011-1411
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.