IBM WebSphere Application Server 7.0 < Fix Pack 7

Medium Nessus Plugin ID 42821


The remote application server is affected by multiple vulnerabilities.


IBM WebSphere Application Server 7.0 before Fix Pack 7 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities:

- A cross-site request forgery vulnerability exists due to insufficient validation of user-supplied input by the administrative console. (PK87176)

- An error in the Java Naming and Directory Interface (JNDI) may allow an attacker to obtain sensitive information.

- The administrative console is affected by a cross-site scripting vulnerability. (PK92057)

- It may be possible to bypass security restrictions using a specially crafted HTTP HEAD request. (PK83258)


Apply Fix Pack 7 (7.0.0.7) or later.
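The plugin is a remote version check: it flags any host on the 7.0 stream whose fix pack level is below 7.0.0.7. The following is an added example, not the code of plugin 42821 or of IBM, that reimplements that test offline so an operator can confirm a finding (or its disappearance after patching) from a version string already collected. The banner strings are constructed sample input; how the version is actually scraped from the server is an assumption and is outside the example.

```python
"""
Added example: re-implementation of the version test behind Nessus plugin
42821.  Not the plugin's own code.  All banner text below is constructed.
"""
import re
from typing import Optional, Tuple

# Fix Pack 7 of the 7.0 stream, the level at which the listed issues are fixed.
FIXED_VERSION = (7, 0, 0, 7)
CVES = ("CVE-2009-2746", "CVE-2009-2747", "CVE-2009-2748", "CVE-2009-3106")

# Four dotted integers, e.g. 7.0.0.5 or 7.0.0.11.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

Version = Tuple[int, int, int, int]


def parse_was_version(banner: str) -> Optional[Version]:
    """Extract a four-part WebSphere version from already-collected banner text.

    Assumption: a detection step has produced a string containing the version;
    this function only parses it.  Returns None when no version is present.
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, fix, pack = (int(x) for x in m.groups())
    return (major, minor, fix, pack)


def is_affected(version: Version) -> bool:
    """True when the host runs a 7.0.x level below Fix Pack 7.

    The check is scoped to the 7.0 stream, exactly as the plugin is: 6.1.x and
    8.x levels are out of scope and return False.  The comparison is done on
    integer tuples, not strings: as strings, "7.0.0.11" sorts before "7.0.0.7"
    and would be reported as vulnerable although it is patched.
    """
    if version[:2] != (7, 0):
        return False
    return version < FIXED_VERSION


def assess(banner: str) -> Optional[str]:
    """Return a one-line finding for an affected host, else None."""
    version = parse_was_version(banner)
    if version is None or not is_affected(version):
        return None
    level = ".".join(str(part) for part in version)
    return "WebSphere Application Server %s < 7.0.0.7: %s" % (level, ", ".join(CVES))


if __name__ == "__main__":
    # Constructed banners covering the cases a scan result can take.
    samples = [
        "IBM WebSphere Application Server 7.0.0.5",    # affected
        "IBM WebSphere Application Server 7.0.0.7",    # fixed level itself
        "IBM WebSphere Application Server 7.0.0.11",   # later fix pack, numerically > 7
        "IBM WebSphere Application Server 6.1.0.29",   # different stream, out of scope
        "IBM WebSphere Application Server",            # version not detected
    ]
    for banner in samples:
        print("%-45s -> %s" % (banner, assess(banner) or "not affected"))
```

The 7.0.0.11 sample is the one worth keeping in any local re-check: a naive string comparison of version strings reports patched hosts as vulnerable, and the same mistake in the other direction would silently miss unpatched ones.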


Plugin Details

Severity: Medium

ID: 42821

File Name: websphere_7_0_0_7.nasl

Version: 1.13

Type: remote

Family: Web Servers

Published: 2009/11/13

Modified: 2016/11/29

Dependencies: 57034

Risk Information

Risk Factor: Medium


Base Score: 5.8

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/11/13

Vulnerability Publication Date: 2009/11/13

Reference Information

CVE: CVE-2009-2746, CVE-2009-2747, CVE-2009-2748, CVE-2009-3106

BID: 37015

OSVDB: 57884, 59961, 60197, 76872

Secunia: 37379

CWE: 264, 352