IBM WebSphere Application Server < 126.96.36.199 Multiple Vulnerabilities
Medium Nessus Plugin ID 56683
Synopsis
The remote application server is affected by multiple vulnerabilities.
Description
IBM WebSphere Application Server 6.1 before Fix Pack 29 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities:
- A cross-site request forgery vulnerability exists due to insufficient validation of user-supplied input by the administrative console. (PK87176)
- Due to an error in the Java Naming and Directory Interface, it may be possible to obtain sensitive information.
- The administrative console is affected by a cross-site scripting vulnerability. (PK92057)
Solution
If using WebSphere Application Server, apply Fix Pack 29 (188.8.131.52) or later.
Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, apply the latest recommended eWAS fix pack.