IBM WebSphere Application Server 7.0 < Fix Pack 7

medium Nessus Plugin ID 42821

Synopsis

The remote application server is affected by multiple vulnerabilities.

Description

IBM WebSphere Application Server 7.0 before Fix Pack 7 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities:

- A cross-site request forgery vulnerability exists due to insufficient validation of user-supplied input by the administrative console. (PK87176)

- Due to an error in the Java Naming and Directory Interface (JNDI), it may be possible to obtain sensitive information. (PK91414)

- The administrative console is affected by a cross-site scripting vulnerability. (PK92057)

- It may be possible to bypass security restrictions using a specially crafted HTTP HEAD method. (PK83258)

Solution

Apply Fix Pack 7 (7.0.0.7) or later.

See Also

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27014463#7007

Plugin Details

Severity: Medium

ID: 42821

File Name: websphere_7_0_0_7.nasl

Version: 1.14

Type: remote

Family: Web Servers

Published: 11/13/2009

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere

Exploit Ease: No known exploits are available

Patch Publication Date: 11/13/2009

Vulnerability Publication Date: 11/13/2009

Reference Information

CVE: CVE-2009-2746, CVE-2009-2747, CVE-2009-2748, CVE-2009-3106

BID: 37015

CWE: 264, 352

Secunia: 37379