
WebSphere Application Server < 6.0.2.25 Multiple Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote server is a WebSphere application server. This version is reported to be vulnerable to a number of flaws. First, there is a reported flaw in the way that the administrative console monitors role users. Second, there is a buffer overflow in the default messaging component. Third, there is an unspecified flaw in the Java Transaction service. Fourth, there is an information disclosure flaw in the 'http_plugin.log' file. Fifth, there is an information disclosure flaw in the 'PropFilePasswordEncoder' utility. The details of these flaws are currently unknown; however, the vendor has released a patch to address these issues.

Solution

Upgrade or patch according to vendor recommendations.