IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote application server is affected by multiple vulnerabilities.

Description :

The remote host is running a version of IBM WebSphere Application
Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the
following vulnerabilities :

- Multiple errors exist related to the included IBM HTTP
Server that could allow remote code execution or denial
of service. (CVE-2013-5704, CVE-2014-0118,
CVE-2014-0226, CVE-2014-0231 / PI22070)

- An error exists related to HTTP header handling that
could allow the disclosure of sensitive information.
(CVE-2014-3021 / PI08268)

- An unspecified error exists that could allow the
disclosure of sensitive information.
(CVE-2014-3083 / PI17768)

- Unspecified input-validation errors exist related to
the 'Admin Console' that could allow cross-site
scripting and cross-site request forgery attacks.
(CVE-2014-4770, CVE-2014-4816 / PI23055)

See also :

https://www-304.ibm.com/support/docview.wss?uid=swg21684612
http://www-01.ibm.com/support/docview.wss?uid=swg27004980#ver70
http://www.nessus.org/u?834c5fca
https://www-304.ibm.com/support/docview.wss?uid=swg24038178
https://www-304.ibm.com/support/docview.wss?uid=swg21672428
https://www-304.ibm.com/support/docview.wss?uid=swg21682767

Solution :

Apply Fix Pack 35 (7.0.0.35) or later.

Note that the following interim fixes are available :

- CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, and
CVE-2014-0231 are corrected in IF PI22070.
- CVE-2014-3083 is corrected in IF PI17768.
- CVE-2014-4770 and CVE-2014-4816 are corrected in
IF PI23055.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
