Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

IBM WebSphere Application Server 8.5 < 8.5.5.7 Multiple Vulnerabilities

Medium

Synopsis

The remote host is running an application server that is vulnerable to multiple attack vectors.

Description

The remote host appears to be running IBM WebSphere Application Server 8.5 prior to 8.5.5.7. Such versions are potentially affected by multiple issues :

- An information disclosure vulnerability exists that allows an unauthenticated, remote attacker to identify the proxy server software by reading the HTTP 'Via' header. (CVE-2015-1932) - An unspecified flaw exists that allows an unauthenticated, remote attacker to spoof servlets or disclose sensitive information. (CVE-2015-4938)

Solution

Upgrade WebSphere Application Server to 8.5.5.7 or later.