IBM WebSphere Application Server 8.0 < Fix Pack 2 Multiple Vulnerabilities
Medium Nessus Plugin ID 58596
Synopsis
The remote application server may be affected by multiple vulnerabilities.
Description
IBM WebSphere Application Server 8.0 before Fix Pack 2 appears to be running on the remote host and is potentially affected by the following vulnerabilities:
- An unspecified cross-site scripting issue exists related to the 'Web 2.0 Messaging service'. (PM37840)
- A security exposure when using WS-Security could result in a user gaining elevated privileges in applications using JAX-WS. (PM43585 / CVE-2011-1377)
- Insecure file permissions are applied to the files in the '$WAS_HOME/systemapps/isclite.ear' and '$WAS_HOME/bin/client_ffdc' directories. These permissions can allow a local attacker to read or write files in those directories. Note that this issue affects the application only on the IBM i operating system.
- An error exists in the class 'javax.naming.directory.AttributeInUseException' and can allow old passwords to still provide access. This error is triggered when passwords are updated by using IBM Tivoli Directory Server. (PM52049)
Solution
Apply Fix Pack 2 for version 8.0 (220.127.116.11) or later.