This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.
The remote application server may be affected by multiple
IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be
running on the remote host and is potentially affected by the
following vulnerabilities :
- An open redirect vulnerability exists related to the
'logoutExitPage' parameter. This can allow remote
attackers to trick users into requesting unintended
- The administrative console can display a stack trace
under unspecified circumstances and can disclose
potentially sensitive information to local users.
- An unspecified error exists that can allow cross-site
request forgery attacks. (PM36734)
- A token verification error exists in the bundled
OpenSAML library. This error can allow an attacker to
bypass security controls with an XML signature wrapping
attack via SOAP messages. (PM43254)
- A directory traversal attack is possible via unspecified
parameters in the 'help' servlet. (PM45322)
- The JavaServer Faces (JSF) application functionality
could allow a remote attacker to read files because it
fails to properly handle requests. (PM45992)
- The HTTP server contains an error in the 'ByteRange'
filter and can allow denial of service attacks when
processing malicious requests. (PM46234)
See also :
Apply Fix Pack 1 for version 8.0 (18.104.22.168) or later.
Risk factor :
High / CVSS Base Score : 7.8
CVSS Temporal Score : 6.8
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 56348
Bugtraq ID: 48709, 48710, 48890, 49303, 49362, 49766, 50463
CVE ID: CVE-2011-1355, CVE-2011-1356, CVE-2011-1359, CVE-2011-1368, CVE-2011-1411, CVE-2011-3192