IBM WebSphere Application Server 7.0 < Fix Pack 27 Multiple Vulnerabilities

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote application server may be affected by multiple

Description :

IBM WebSphere Application Server 7.0 before Fix Pack 27 appears to be
running on the remote host. It is, therefore, potentially affected by
the following vulnerabilities :

- A request validation error exists related to the proxy
  server component that could allow a remote attacker to
  cause the proxy status to be reported as disabled, thus
  denying applications access to the proxy.
  (CVE-2012-3330, PM71319)

- A user-supplied input validation error exists that could
  allow cross-site request forgery (CSRF) attacks to be
  carried out. (CVE-2012-4853, PM62920)

- Unspecified errors exist related to the administration
  console that could allow cross-site scripting attacks.
  (CVE-2013-0458, CVE-2013-0459, CVE-2013-0460, PM71139,
  PM72536, PM72275)

- An unspecified error exists related to the
  administration console for 'virtual member manager'
  (VMM) that can allow cross-site scripting.
  (CVE-2013-0461, PM71389)

See also :

Solution :

If using WebSphere Application Server, apply Fix Pack 27 ( or

Otherwise, if using embedded WebSphere Application Server packaged with
Tivoli Directory Server, contact the vendor for more information, as IBM
has not currently published a Fix Pack 27 for it.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : false