IBM WebSphere Application Server 7.0 < 22.214.171.124 / 8.0 < 126.96.36.199 / 8.5 < 188.8.131.52 Information Disclosure
Medium Nessus Plugin ID 96178
Synopsis
The remote web application server is affected by an information disclosure vulnerability.

Description
The version of the IBM WebSphere Application Server running on the remote host is 7.0 prior to 184.108.40.206, 8.0 prior to 220.127.116.11, or 8.5 prior to 18.104.22.168. It is, therefore, affected by an information disclosure vulnerability in the Administrative Console due to improperly setting the CSRFtoken cookie. An authenticated, remote attacker can exploit this to disclose sensitive information.

Solution
Apply IBM WebSphere Application Server version 7.0 Fix Pack 43 (22.214.171.124) / 8.0 Fix Pack 13 (126.96.36.199) / 8.5 Fix Pack 10 (188.8.131.52) or later. Alternatively, apply the appropriate Interim Fixes as recommended in the vendor advisory.