IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities

medium Nessus Plugin ID 61459

Synopsis

The remote application server may be affected by multiple vulnerabilities.

Description

IBM WebSphere Application Server 8.0 before Fix Pack 4 appears to be running on the remote host and is potentially affected by the following vulnerabilities :

- An input validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP requests. (CVE-2012-2159, CVE-2012-2161, PM62795)

- An error exists related to 'Application Snoop Servlet' and missing access controls. This error can allow sensitive information to be disclosed. Note that exploiting this issue requires that the default 'Application Snoop Servlet' be installed and running.
(CVE-2012-2170, PM56183)

- Several errors exist related to SSL/TLS that can allow an attacker to carry out denial of service attacks against the application. (CVE-2012-2190, CVE-2012-2191, PM66218)

- Unspecified cross-site scripting issues exist related to the administrative console. (CVE-2012-3293, PM60839)

Solution

Apply Fix Pack 4 for version 8.0 (8.0.0.4) or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21606096

http://www-01.ibm.com/support/docview.wss?uid=swg27022958#8004

Plugin Details

Severity: Medium

ID: 61459

File Name: websphere_8_0_0_4.nasl

Version: 1.13

Type: remote

Family: Web Servers

Published: 8/9/2012

Updated: 12/4/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.7

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2012-2159

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere

Exploit Ease: No known exploits are available

Patch Publication Date: 8/6/2012

Vulnerability Publication Date: 5/29/2012

Reference Information

CVE: CVE-2012-2159, CVE-2012-2161, CVE-2012-2170, CVE-2012-2190, CVE-2012-2191, CVE-2012-3293

BID: 53755, 53884, 54051, 54743, 54819, 55149, 55185

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990