IBM WebSphere Application Server 6.1 < Fix Pack 19 Unspecified Vulnerability

Medium Nessus Network Monitor Plugin ID 4685

Synopsis

The remote application server is affected by an unspecified vulnerability.

Description

IBM WebSphere Application Server 6.1 before Fix Pack 19 appears to be running on the remote host. Such versions reportedly have an as-yet unspecified security exposure when the 'FileServing' feature in the Servlet Engine / Web Container component is enabled. (PK64302).

Solution

Apply Fix Pack 19 (6.1.0.19) or higher.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61019

http://www.securityfocus.com/bid/31186

Plugin Details

Severity: Medium

ID: 4685

File Name: 4685.prm

Family: Web Servers

Published: 2008/09/17

Modified: 2016/01/21

Dependencies: 4270

Nessus ID: 34219

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.1

Temporal Score: 5

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

CVE: CVE-2008-4283, CVE-2008-4284, CVE-2009-0432, CVE-2009-0433, CVE-2009-0434, CVE-2009-0435, CVE-2009-0436, CVE-2009-0438, CVE-2008-4111

BID: 31186, 33700

OSVDB: 52595, 52599, 53271, 53272, 53273, 53979, 53990, 56186, 56187