This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote application server may be affected by multiple
IBM WebSphere Application Server 8.0 before Fix Pack 2 appears to be
running on the remote host and is potentially affected by the
following vulnerabilities :
- An unspecified cross-site scripting issue exists
related to the 'Web 2.0 Messaging service'. (PM37840)
- A security exposure when using WS-Security could result
in a user gaining elevated privileges in applications
using JAX-WS. (PM43585 / CVE-2011-1377)
- Insecure file permissions are applied to the files in
the '$WAS_HOME/systemapps/isclite.ear' and
'$WAS_HOME/bin/client_ffdc' directories. These
permissions can allow a local attacker to read or write
files in those directories. Note this issue only
affects the application on the IBM i operating system.
- An error exists in the class
'javax.naming.directory.AttributeInUseException' and can
allow old passwords to still provide access. This error
is triggered when passwords are updated by using IBM
Tivoli Directory Server. (PM52049)
See also :
Apply Fix Pack 2 for version 8.0 (188.8.131.52) or later.
Risk factor :
Medium / CVSS Base Score : 4.6
CVSS Temporal Score : 3.4
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 58596 ()
Bugtraq ID: 503105142052723
CVE ID: CVE-2011-1376CVE-2011-1377CVE-2011-4889
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.