IBM WebSphere Application Server 7.0 < Fix Pack 1 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 4783
The remote application server is affected by multiple vulnerabilities.
IBM WebSphere Application Server 7.0 before Fix Pack 1 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities.

- A vulnerability in feature pack for web services could lead to information disclosure due to 'userNameToken' (PK67282).
- A user locked by the underlying OS may be able to authenticate via the administrative console (PK67909).
- Web authentication options 'Authenticate when any URI is accessed' and 'Use available authentication data when an unprotected URI is accessed' are ignored. Servlets with no security constraints are not authenticated and usernames with the '@' symbol fail to authenticate (PK71826).
- WS-Security in JAX-WS does not remove UsernameTokens from client cache on failed logins (PK72435).
- SSL traffic is routed over unencrypted TCP routes (PK74777).