IBM WebSphere Application Server < 188.8.131.52 Multiple Vulnerabilities
Medium Nessus Plugin ID 38978
Synopsis
The remote application server is affected by multiple vulnerabilities.
Description
IBM WebSphere Application Server 6.0.2 before Fix Pack 35 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities:
- Non-standard HTTP methods are allowed. (PK73246)
- A login using the LTPAToken cookie may result in extending the LTPAToken expiration time beyond the LTPAToken timeout value. (PK75919)
- Cross-site scripting vulnerabilities exist in sample applications. (PK76720)
- If the admin console is accessed directly over HTTP, the console fails to redirect the connection to a secure login page. (PK77010)
- 'wsadmin' is affected by a security exposure. (PK77495)
- XML digital signature is affected by a security issue.
- In certain cases, application source files are exposed. (PK81387)
- Configservice APIs could display sensitive information. (PK84999)
Solution
Apply Fix Pack 35 (184.108.40.206) or later.