Synopsis
The remote application server is affected by multiple vulnerabilities.
Description
The remote host is running a version of IBM WebSphere Application Server 7.0 prior to Fix Pack 35. It is, therefore, affected by the following vulnerabilities :
- Multiple errors exist related to the included IBM HTTP server that could allow remote code execution or denial of service. (CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 / PI22070)
- An error exists related to HTTP header handling that could allow the disclosure of sensitive information.
(CVE-2014-3021 / PI08268)
- An unspecified error exists that could allow the disclosure of sensitive information.
(CVE-2014-3083 / PI17768)
- An unspecified input-validation errors exist related to the 'Admin Console' that could allow cross-site scripting and cross-site request forgery attacks.
(CVE-2014-4770, CVE-2014-4816 / PI23055)
Solution
Apply Fix Pack 35 (7.0.0.35) or later.
Note that the following interim fixes are available :
- CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, and CVE-2014-0231 are corrected in IF PI22070.
- CVE-2014-3083 is corrected in IF PI17768.
- CVE-2014-4770 and CVE-2014-4816 are corrected in IF PI23055.