IBM WebSphere Service Registry and Repository 6.3 < 22.214.171.124 Multiple Vulnerabilities
Low Nessus Plugin ID 80855
SynopsisThe remote host has a web application installed that is affected by multiple vulnerabilities.
DescriptionThe version of IBM WebSphere Service Registry and Repository (WSRR) is version 6.3 prior to 126.96.36.199. It is therefore, affected by multiple vulnerabilities :
- An unspecified DOM based cross-site scripting (XSS) vulnerability in the WSRR web UI. (CVE-2014-6132)
- WSSR web interface issues a cookie that is not declared SSL only. (CVE-2014-6153)
- Improper enforcement of object access control restrictions. (CVE-2014-6186)
- An unspecified cross-site request forgery (XSRF) vulnerability. (CVE-2014-6187)
- Unspecified cross-site scripting (XSS) vulnerabilities.
SolutionUpgrade to IBM WebSphere Service Registry and Repository Fix Pack 188.8.131.52 and contact the vendor for solutions to CVE-2014-6132 and CVE-2014-6153.