This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote application server may be affected by multiple
IBM WebSphere Application Server 8.0 before Fix Pack 4 appears to be
running on the remote host and is potentially affected by the
following vulnerabilities :
- An input validation error exists related to the 'Eclipse
Help System' that can allow arbitrary redirect responses
to HTTP requests. (CVE-2012-2159, CVE-2012-2161,
- An error exists related to 'Application Snoop Servlet'
and missing access controls. This error can allow
sensitive information to be disclosed. Note that
exploiting this issue requires that the default
'Application Snoop Servlet' be installed and running.
- Several errors exist related to SSL/TLS that can allow
an attacker to carry out denial of service attacks
against the application. (CVE-2012-2190, CVE-2012-2191,
- Unspecified cross-site scripting issues exist related to
the administrative console. (CVE-2012-3293, PM60839)
See also :
Apply Fix Pack 4 for version 8.0 (126.96.36.199) or later.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 61459 ()
Bugtraq ID: 53755538845405154743548195514955185
CVE ID: CVE-2012-2159CVE-2012-2161CVE-2012-2170CVE-2012-2190CVE-2012-2191CVE-2012-3293
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.