IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.

Synopsis :

The remote application server may be affected by multiple vulnerabilities.

Description :

IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be
running on the remote host and is potentially affected by the
following vulnerabilities :

- An open redirect vulnerability exists related to the
'logoutExitPage' parameter. This can allow remote
attackers to trick users into requesting unintended
URLs. (PM35701)

- The administrative console can display a stack trace
under unspecified circumstances and can disclose
potentially sensitive information to local users.

- An unspecified error exists that can allow cross-site
request forgery attacks. (PM36734)

- A token verification error exists in the bundled
OpenSAML library. This error can allow an attacker to
bypass security controls with an XML signature wrapping
attack via SOAP messages. (PM43254)

- A directory traversal attack is possible via unspecified
parameters in the 'help' servlet. (PM45322)

- The JavaServer Faces (JSF) application functionality
could allow a remote attacker to read files because it
fails to properly handle requests. (PM45992)

- The HTTP server contains an error in the 'ByteRange'
filter and can allow denial of service attacks when
processing malicious requests. (PM46234)

See also :

Solution :

Apply Fix Pack 1 for version 8.0 or later.

Risk factor :

High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true