IBM WebSphere Application Server < Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 4424


The remote application server is affected by multiple vulnerabilities.


IBM WebSphere Application Server 6.1 before Fix Pack 15 appears to be running on the remote host. Such versions are reportedly affected by the following vulnerabilities:

- There is an unspecified security exposure in wsadmin (PK45726).

- Sensitive information might appear in clear text in the http_plugin.log file (PK48785).

- There is an unspecified potential security exposure in the 'PropFilePasswordEncoder' utility (PK52709).

- There is an unspecified potential security exposure with 'serveServletsByClassnameEnabled' (PK52059).

- Sensitive information may appear in plain text in startserver.log (PK53198).


Apply Fix Pack 15 or higher.

Plugin Details

Severity: High

ID: 4424

Family: Web Servers

Published: 2008/03/12

Modified: 2016/01/15

Dependencies: 4270

Nessus ID: 45422

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Base Score: 7.3

Temporal Score: 6.4

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

BID: 28216