IBM WebSphere Application Server 8.0 < Fix Pack 3 Multiple Vulnerabilities

critical Nessus Plugin ID 59505

Synopsis

The remote application server may be affected by multiple vulnerabilities.

Description

IBM WebSphere Application Server 8.0 before Fix Pack 3 appears to be running on the remote host and is potentially affected by the following vulnerabilities:

- Unspecified cross-site scripting issues exist related to the administrative console. (PM52274, PM53132)

- An issue related to the weak randomization of Java hash data structures can allow a remote attacker to cause a denial of service with maliciously crafted POST requests. (PM53930)

- An unspecified error exists related to WS-Security enabled JAX-RPC applications. (PM45181)

Solution

Apply Fix Pack 3 for version 8.0 (8.0.0.3) or later.

See Also

http://www.nessus.org/u?ca3789f7

http://www-304.ibm.com/support/docview.wss?uid=swg21577532

http://www-304.ibm.com/support/docview.wss?uid=swg21589257

Plugin Details

Severity: Critical

ID: 59505

File Name: websphere_8_0_0_3.nasl

Version: 1.11

Type: remote

Family: Web Servers

Published: 6/14/2012

Updated: 12/4/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-1377

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere

Exploit Ease: No known exploits are available

Patch Publication Date: 5/16/2012

Vulnerability Publication Date: 5/16/2012

Reference Information

CVE: CVE-2011-1377, CVE-2012-0193, CVE-2012-0716, CVE-2012-0720

BID: 50310, 51441, 52721, 52722

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990