This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote application server may be affected by multiple
IBM WebSphere Application Server 8.5 before Fix Pack 8.5.5 appears to
be running on the remote host and is, therefore, potentially affected by
the following vulnerabilities :
- The TLS protocol in the GSKIT component is vulnerable
to a plaintext recovery attack. (CVE-2013-0169, PM85211)
- The WS-Security run time contains a flaw that could be
triggered by a specially crafted SOAP request to execute
arbitrary code. (CVE-2013-0482, PM76582)
- A flaw exists relating to OAuth that could allow a
remote attacker to obtain someone else's credentials.
(CVE-2013-0597, PM85834, PM87131)
- A flaw exists relating to OpenJPA that is triggered
during deserialization, which could allow a remote
attacker to write to the file system and potentially
execute arbitrary code. (CVE-2013-1768, PM86780,
PM86786, PM86788, PM86791)
- An unspecified cross-site scripting vulnerability exists
related to the administrative console. (CVE-2013-2967,
- An unspecified vulnerability exists. (CVE-2013-2975)
- An information disclosure vulnerability exists relating
to incorrect caching by the administrative console.
- An improper process initialization flaw exists on UNIX
platforms that could allow a local attacker to execute
arbitrary commands. (CVE-2013-3024, PM86245)
See also :
Apply Fix Pack 8.5.5 for version 8.5 (220.127.116.11) or later.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false