IBM WebSphere Application Server 7.0 < 7.0.0.43 / 8.0 < 8.0.0.13 / 8.5 < 8.5.5.10 / 9.0 < 9.0.0.1 / Liberty 16.0 < 16.0.0.3 Information Disclosure

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote web application server is affected by an information
disclosure vulnerability.

Description :

The IBM WebSphere Application Server running on the remote host is
version 7.0 prior to 7.0.0.43, 8.0 prior to 8.0.0.13, 8.5 prior to
8.5.5.10, 9.0 prior to 9.0.0.1, or 16.0 (Liberty) prior to 16.0.0.3.
It is, therefore, affected by an information disclosure vulnerability
due to improper validation of user-supplied input. An authenticated,
remote attacker can exploit this to cause a buffer overflow condition,
resulting in the disclosure of sensitive information.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21982588

Solution :

Apply IBM WebSphere Application Server version 7.0 Fix Pack 43
(7.0.0.43) / 8.0 Fix Pack 13 (8.0.0.13) / 8.5 Fix Pack 10 (8.5.5.10) /
9.0 Fix Pack 1 (9.0.0.1) / 16.0 Fix Pack 3 (16.0.0.3) or later.
Alternatively, apply the appropriate Interim Fixes as recommended in
the vendor advisory.
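
A version triage check for the fix pack levels listed above, added here as an example (it is not Tenable's plugin code or IBM's). The function names, result labels and sample inventory are constructed for illustration; a host reported below the fix pack may already carry an Interim Fix, which the version number alone does not show.

```python
import re

# First fixed release per branch, taken from the Solution text of this advisory.
FIXED = {
    (7, 0): (7, 0, 0, 43),
    (8, 0): (8, 0, 0, 13),
    (8, 5): (8, 5, 5, 10),
    (9, 0): (9, 0, 0, 1),
    (16, 0): (16, 0, 0, 3),  # Liberty
}

def parse_version(text):
    """Parse a dotted version such as '8.5.5.9' into a 4-tuple of ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # Missing trailing components count as 0, so '9.0' compares as 9.0.0.0.
    return tuple(int(g or 0) for g in m.groups())

def triage(version_text):
    """Classify one reported version against the advisory's fix pack levels."""
    v = parse_version(version_text)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "branch-not-listed"  # the advisory says nothing about this branch
    # Tuple comparison is numeric per component: 8.5.5.9 < 8.5.5.10,
    # which a plain string comparison would get wrong.
    return "below-fix-pack" if v < fixed else "at-or-above-fix-pack"

def hosts_below_fix_pack(inventory):
    """Return the sorted host names whose version is below the fix pack level."""
    return sorted(h for h, ver in inventory.items()
                  if triage(ver) == "below-fix-pack")

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "was-app01": "8.5.5.9",
    "was-app02": "8.5.5.10",
    "was-legacy": "7.0.0.5",
    "liberty-01": "16.0.0.2",
    "was-new": "9.0.0.1",
}

if __name__ == "__main__":
    for host in hosts_below_fix_pack(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is below the fix pack level")
```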

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 2.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 94582

Bugtraq ID: 92505

CVE ID: CVE-2016-0385
