IBM WebSphere Application Server 7.0 < Fix Pack 3 Multiple Vulnerabilities
Severity: High
Nessus Network Monitor Plugin ID 4991

Synopsis
The remote host is vulnerable to multiple attack vectors.

Description
IBM WebSphere Application Server 7.0 before Fix Pack 3 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities.
- Under certain conditions it may be possible to access administrative console user sessions. (PK74966)
- The administrative console is affected by a cross-site scripting vulnerability. (PK77505)
- If APAR PK41002 has been applied, an unspecified vulnerability in the JAX-RPC WS-Security component could incorrectly validate 'UsernameToken'. (PK75992)
- Sample applications shipped with IBM WebSphere Application Server are affected by cross-site scripting vulnerabilities. (PK76720)
- Certain files associated with interim fixes for Unix-based versions of IBM WebSphere Application Server are built with insecure file permissions. (PK77590)
- The Web Services Security component is affected by an unspecified security issue in the digital-signature specification. (PK80596)
- It may be possible for an attacker to read arbitrary application-specific war files. (PK81387)
- The application is prone to a session-hijacking vulnerability related to the 'forced logout' feature. (PK74966)
- A vulnerability affects the XML Digital Signature Specification in the web services security component. (PK80596)

Solution
Apply Fix Pack 3 (18.104.22.168) or higher.