This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote web application server is affected by an information
The version of the IBM WebSphere Application Server running on the
remote host is 7.0 prior to 184.108.40.206, 8.0 prior to 220.127.116.11, or 8.5
prior to 18.104.22.168. It is, therefore, affected by an information
disclosure vulnerability in the Administrative Console due to
improperly setting the CSRFtoken cookie. An authenticated, remote
attacker can exploit this to disclose sensitive information.
Apply IBM WebSphere Application Server version 7.0 Fix Pack 43
(22.214.171.124) / 8.0 Fix Pack 13 (126.96.36.199) / 8.5 Fix Pack 10 (188.8.131.52) or
later. Alternatively, apply the appropriate Interim Fixes as
recommended in the vendor advisory.
Risk factor :
Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.3
Public Exploit Available : true