This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote application server is affected by multiple vulnerabilities.
The remote host is running a version of IBM WebSphere Application
Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the
following vulnerabilities :
- Multiple errors exist related to the included IBM HTTP
server that could allow remote code execution or denial
of service. (CVE-2013-5704, CVE-2014-0118,
CVE-2014-0226, CVE-2014-0231 / PI22070)
- An error exists related to HTTP header handling that
could allow the disclosure of sensitive information.
(CVE-2014-3021 / PI08268)
- An unspecified error exists that could allow the
disclosure of sensitive information.
(CVE-2014-3083 / PI17768)
- Unspecified input-validation errors exist related to
the 'Admin Console' that could allow cross-site
scripting and cross-site request forgery attacks.
(CVE-2014-4770, CVE-2014-4816 / PI23055)
Apply Fix Pack 35 (188.8.131.52) or later.
Note that the following interim fixes are available :
- CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, and
CVE-2014-0231 are corrected in IF PI22070.
- CVE-2014-3083 is corrected in IF PI17768.
- CVE-2014-4770 and CVE-2014-4816 are corrected in
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.0
Public Exploit Available : false
Family: Web Servers
Nessus Plugin ID: 78604