Detections
Analytics
IBM WebSphere Application Server 6.1 < 6.1.0.9 Cross-session Information Disclosure
medium Nessus Plugin ID 45421
Language:
Synopsis
The remote application server is affected by an information disclosure vulnerability.Description
IBM WebSphere Application Server 6.1 before Fix Pack 9 appears to be running on the remote host. As such, it is reportedly affected by an information disclosure vulnerability because the application sends response data intended for a different request in certain circumstances after a closed connection error. (PK41446)Solution
If using WebSphere Application Server, apply Fix Pack 9 (6.1.0.9) or later.Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, apply the latest recommended eWAS fix pack.
See Also
http://www-01.ibm.com/support/docview.wss?uid=swg21404665
http://www-01.ibm.com/support/docview.wss?uid=swg27009778
http://www-1.ibm.com/support/docview.wss?uid=swg21261071
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24015854
Plugin Details
Severity: Medium
ID: 45421
File Name: websphere_6_1_0_9.nasl
Version: 1.11
Type: remote
Family: Web Servers
Published: 4/5/2010
Updated: 8/6/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 2.5
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:ibm:websphere_application_server
Required KB Items: www/WebSphere
Exploit Ease: No known exploits are available
Patch Publication Date: 5/11/2007
Vulnerability Publication Date: 6/25/2007
Reference Information
CVE: CVE-2007-3397
BID: 24608
Secunia: 25817