This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote application server is affected by multiple vulnerabilities.
IBM WebSphere Application Server 6.1 before Fix Pack 41 appears to be
running on the remote host. As such, it is potentially affected by
the following vulnerabilities :
- A cross-site scripting vulnerability via vectors
related to web messaging. (CVE-2011-5065)
- A cross-site scripting vulnerability in the Installation
Verification Test (IVT) in the Install component.
- The SibRaRecoverableSiXaResource class in the Default
Messaging Component does not properly handle a Service
Integration Bus (SIB) dump operation involving the
Failure Data Capture (FFDC) introspection code. This
can allow local users to obtain sensitive information by
reading the FFDC log file. (CVE-2011-5066)
- A directory traversal vulnerability in the
administration console that allows remote attackers to
read arbitrary files on the host. (CVE-2011-1359)
- A potential Denial of Service with malicious range
- An unspecified vulnerability in the Web Services
Security component when enabling WS-Security for a
JAX-WS application. (CVE-2011-1377)
See also :
If using WebSphere Application Server, apply Fix Pack 41 (126.96.36.199) or
Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, apply the latest recommended eWAS fix pack.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 57607 ()
Bugtraq ID: 49362503105155951560
CVE ID: CVE-2011-1359CVE-2011-1362CVE-2011-1377CVE-2011-3192CVE-2011-5065CVE-2011-5066
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.