IBM WebSphere Application Server 7.0 < Fix Pack 35 Multiple Vulnerabilities
Medium Nessus Plugin ID 78604
The remote application server is affected by multiple vulnerabilities.
The remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities:

- Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070)
- An error exists related to HTTP header handling that could allow the disclosure of sensitive information. (CVE-2014-3021 / PI08268)
- An unspecified error exists that could allow the disclosure of sensitive information. (CVE-2014-3083 / PI17768)
- Unspecified input-validation errors exist related to the 'Admin Console' that could allow cross-site scripting and cross-site request forgery attacks. (CVE-2014-4770, CVE-2014-4816 / PI23055)
Apply Fix Pack 35 (188.8.131.52) or later. Note that the following interim fixes are available:

- CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, and CVE-2014-0231 are corrected in IF PI22070.
- CVE-2014-3083 is corrected in IF PI17768.
- CVE-2014-4770 and CVE-2014-4816 are corrected in IF PI23055.