IBM WebSphere Application Server 7.0 < Fix Pack 7
Medium Nessus Plugin ID 42821
Synopsis
The remote application server is affected by multiple vulnerabilities.
Description
IBM WebSphere Application Server 7.0 before Fix Pack 7 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities:
- A cross-site request forgery vulnerability exists due to insufficient validation of user-supplied input by the administrative console. (PK87176)
- Due to an error in the Java Naming and Directory Interface, it may be possible to obtain sensitive information.
- The administrative console is affected by a cross-site scripting vulnerability. (PK92057)
- It may be possible to bypass security restrictions using a specially crafted HTTP HEAD method. (PK83258)
Solution
Apply Fix Pack 7 (126.96.36.199) or later.