WebSphere Application Server < 188.8.131.52 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 4355
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe remote server is a WebSphere application server.
This version is reported to be vulnerable to a number of flaws. First, there is a reported flaw in the way that the administrative console monitors role users. Second, there is a buffer overflow in the default messaging component. Third, there is an unspecified flaw in the Java Transaction service. Fourth, there is an information disclosure flaw in the 'http_plugin.log' file. Fifth, there is an information disclosure flaw in the 'PropFilePasswordEncoder' utility. The details of these flaws are currently unknown; however, the vendor has released a patch to address these issues.
SolutionUpgrade or patch according to vendor recommendations.