IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 4424

Synopsis

The remote application server is affected by multiple vulnerabilities.

Description

IBM WebSphere Application Server 6.1 before Fix Pack 15 appears to be running on the remote host. Such versions are reportedly affected by the following vulnerabilities:

- There is an unspecified security exposure in wsadmin (PK45726).

- Sensitive information might appear in clear text in the http_plugin.log file (PK48785).

- There is an unspecified potential security exposure in the 'PropFilePasswordEncoder' utility (PK52709).

- There is an unspecified potential security exposure with 'serveServletsByClassnameEnabled' (PK52059).

- Sensitive information may appear in plain text in startserver.log (PK53198).

Solution

Apply Fix Pack 15 (6.1.0.15) or higher.

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg27007951

http://www.securityfocus.com/bid/28216

Plugin Details

Severity: High

ID: 4424

Family: Web Servers

Published: 2008/03/12

Modified: 2016/01/15

Dependencies: 4270

Nessus ID: 45422

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

BID: 28216