IBM WebSphere Application Server 7.0 < Fix Pack 19 Multiple Vulnerabilities
Medium Nessus Plugin ID 56229
The remote application server may be affected by multiple vulnerabilities.
IBM WebSphere Application Server 7.0 before Fix Pack 19 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities:

- An open redirect vulnerability exists related to the 'logoutExitPage' parameter. This can allow remote attackers to trick users into requesting unintended URLs. (PM35701)
- The administrative console can display a stack trace under unspecified circumstances and can disclose potentially sensitive information to local users. (PM36620)
- The Installation Verification Tool servlet (IVT) does not properly sanitize user-supplied input of arbitrary HTML and script code, which could allow cross-site scripting attacks. (PM40733)
- A token verification error exists in the bundled OpenSAML library. This error can allow an attacker to bypass security controls with an XML signature wrapping attack via SOAP messages. (PM43254)
- A directory traversal attack is possible via unspecified parameters in the 'help' servlet. (PM45322)
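Added example, not IBM's code or the Nessus plugin's own logic: a defender-side allowlist check for a post-logout redirect parameter such as 'logoutExitPage', showing the validation that closes the open redirect class described in PM35701. The function names, the allow-list of hosts and the fallback path are assumptions for the illustration.

```python
"""Allow-list validation of a post-logout redirect target (illustration only)."""
from urllib.parse import urlsplit


def is_safe_logout_exit_page(value: str, allowed_hosts: set[str]) -> bool:
    """Return True only if `value` points back at the application itself.

    Accepted: a site-relative path ("/ibm/console/") or an absolute http(s)
    URL whose host is on the allow-list. Rejected: scheme-relative targets
    ("//other.example"), non-http schemes, backslash variants, userinfo
    tricks ("https://good@other.example") and embedded control characters.
    """
    if not value or any(ord(c) < 0x20 or c == "\x7f" for c in value):
        return False
    # Browsers treat a backslash like a forward slash, so "/\other.example"
    # would be followed as a scheme-relative URL; reject it outright.
    if "\\" in value:
        return False
    parts = urlsplit(value)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: must start with exactly one "/" (site-relative).
        return value.startswith("/") and not value.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False
    # urlsplit().hostname strips port and userinfo, so "good@other" resolves
    # to "other" here and is compared against the allow-list as such.
    host = (parts.hostname or "").lower()
    return host in {h.lower() for h in allowed_hosts}


def resolve_logout_target(value: str, allowed_hosts: set[str],
                          default: str = "/") -> str:
    """Return `value` if it passes the check, otherwise a safe default path."""
    return value if is_safe_logout_exit_page(value, allowed_hosts) else default


if __name__ == "__main__":
    # Constructed sample inputs; "was.example.com" is an assumed console host.
    allowed = {"was.example.com"}
    for candidate in ("/ibm/console/logon.jsp",
                      "https://was.example.com:9443/ibm/console/",
                      "//other.example/", "javascript:alert(1)"):
        print(candidate, "->", resolve_logout_target(candidate, allowed))
```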
If using WebSphere Application Server, apply Fix Pack 19 (7.0.0.19) or later. Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, apply the latest recommended eWAS fix pack.