This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote application server may be affected by multiple
IBM WebSphere Application Server 8.0 before Fix Pack 5 appears to be
running on the remote host. It is, therefore, potentially affected by
the following vulnerabilities :
- An unspecified error exists related to the
Administrative Console that can allow an attacker to
hijack sessions. (CVE-2012-3304, PM54356)
- An unspecified directory traversal error exists that
can allow remote attackers to overwrite files outside
the application's deployment directory. (CVE-2012-3305,
- When multi-domain support is enabled, the application
does not properly purge passwords from the
authentication cache. (CVE-2012-3306, PM66514)
- An error exists related to Federated Repositories for
IIOP connections, Optimized Local Adapters and CBIND
checking that can allow a local attacker to access or
modify arbitrary files. Note this issue only affects the
application when hosted on z/OS. (CVE-2012-3311,
- The fix contained in PM44303 contains an error that
can allow an authenticated attacker to bypass security
restrictions and gain administrative access to the
application. (CVE-2012-3325, PM71296)
- A request validation error exists related to the proxy
server component that could allow a remote attacker to
cause the proxy status to be reported as disabled, thus
denying applications access to the proxy.
See also :
Apply Fix Pack 5 for version 8.0 (220.127.116.11) or later.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 64380
Bugtraq ID: 55309, 55671, 55678, 56459
CVE ID: CVE-2012-3304, CVE-2012-3305, CVE-2012-3306, CVE-2012-3311, CVE-2012-3325, CVE-2012-3330