http://www-01.ibm.com/support/docview.wss?&uid=swg21632423

PM81056

was-ssl-sec-bypass(82695)

IBM WebSphere Application Server 8.5 before Fix Pack 2 appears to be running on the remote host and is, therefore, potentially affected by the following vulnerabilities :

  - The included Java SDK contains several errors that     affect the application directly. (CVE-2013-0169,     CVE-2013-0440, CVE-2013-0443)

  - Input validation errors exist related to the     administration console that could allow cross-site     scripting attacks. (CVE-2013-0458 / PM71139,     CVE-2013-0461 / PM71389, CVE-2013-0542 / PM81846,     CVE-2013-0565 / PM83402)

  - An input validation error exists related to the     administration console that could allow cross-site     scripting attacks. Note that this issue affects only     the application when running on z/OS operating systems.
    (CVE-2013-0459 / PM72536)

  - An unspecified error could allow security bypass for     authenticated users. (CVE-2013-0462 / PM76886 or     PM79937)

  - An error exists related to 'WS-Security' and SOAP     message handling that could allow an attacker to spoof     message signatures. (CVE-2013-0482 / PM76582)

  - An error exists related to authentication cookies that     could allow remote attackers to gain access to     restricted resources. Note this only affects the     application when running the 'Liberty Profile'.
    (CVE-2013-0540 / PM81056)

  - A buffer overflow error exists related to 'WebSphere     Identity Manger (WIM)' that could allow denial of     service attacks. (CVE-2013-0541 / PM74909)

  - An unspecified error could allow security bypass, thus     allowing remote attackers access to restricted resources     on HP, Linux and Solaris hosts.
    (CVE-2013-0543 / PM75582)

  - An unspecified error related to the administration     console could allow directory traversal attacks on     Unix and Linux hosts. (CVE-2013-0544 / PM82468)

CVE-2013-0540

low

Tenable Plugins

critical