This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.
The remote application server may be affected by multiple
IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be
running on the remote host and is potentially affected by the
following vulnerabilities :
- An open redirect vulnerability exists related to the
  'logoutExitPage' parameter. This can allow remote
  attackers to trick users into requesting unintended
- The administrative console can display a stack trace
  under unspecified circumstances and can disclose
  potentially sensitive information to local users.
- An unspecified error exists that can allow cross-site
  request forgery attacks. (PM36734)
- A token verification error exists in the bundled
  OpenSAML library. This error can allow an attacker to
  bypass security controls with an XML signature wrapping
  attack via SOAP messages. (PM43254)
- A directory traversal attack is possible via unspecified
  parameters in the 'help' servlet. (PM45322)
- The JavaServer Faces (JSF) application functionality
  could allow a remote attacker to read files because it
  fails to properly handle requests. (PM45992)
- The HTTP server contains an error in the 'ByteRange'
  filter and can allow denial of service attacks when
  processing malicious requests. (PM46234)
Apply Fix Pack 1 for version 8.0 (220.127.116.11) or later.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true