IBM WebSphere Application Server 6.1 < Fix Pack 21 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 4929
Synopsis
The remote host is vulnerable to multiple attack vectors.
Description
IBM WebSphere Application Server 6.1 before Fix Pack 21 appears to be running on the remote host. Such versions are reportedly affected by multiple flaws:
- Provided Performance Monitoring Infrastructure (PMI) is enabled, it may be possible for a local attacker to obtain sensitive information through 'Systemout.log' and 'ffdc' files which are written by PerfServlet.
- The SSL Configuration settings attribute 'Security Level' does not correctly enforce the level of encryption used by the application server. (PK63182)
Solution
Apply Fix Pack 21 (22.214.171.124) or higher.