
IBM WebSphere Application Server 7.0 < Fix Pack 3 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

IBM WebSphere Application Server 7.0 before Fix Pack 3 appears to be running on the remote host. Such versions are reportedly affected by multiple vulnerabilities.

- Under certain conditions it may be possible to access administrative console user sessions. (PK74966)

- The administrative console is affected by a cross-site scripting vulnerability. (PK77505)

- If APAR PK41002 has been applied, an unspecified vulnerability in the JAX-RPC WS-Security component could cause a 'UsernameToken' to be validated incorrectly. (PK75992)

- Sample applications shipped with IBM WebSphere Application Server are affected by cross-site scripting vulnerabilities. (PK76720)

- Certain files associated with interim fixes for Unix-based versions of IBM WebSphere Application Server are built with insecure file permissions. (PK77590)

- The Web Services Security component is affected by an unspecified security issue in the digital-signature specification. (PK80596)

- It may be possible for an attacker to read arbitrary application-specific war files. (PK81387)

- The application is prone to a session-hijacking vulnerability related to the 'forced logout' feature. (PK74966)

- A vulnerability affects the XML Digital Signature Specification in the web services security component. (PK80596)

Solution

Apply Fix Pack 3 (7.0.0.3) or higher.
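As an added example (not part of this advisory and not the scanner's own plugin code), the following Python check flags hosts whose reported WebSphere Application Server version falls in the affected range 7.0.0.0 through 7.0.0.2; the hostnames and version strings in the sample inventory are constructed.

```python
# Added example: decide whether a reported WebSphere Application Server
# version needs Fix Pack 3 (7.0.0.3) according to this advisory.
# Versions are compared as integer tuples, not strings, so that
# 7.0.0.11 is correctly treated as newer than 7.0.0.3.
from __future__ import annotations

import re

FIXED_VERSION = (7, 0, 0, 3)  # Fix Pack 3, per the Solution section

# WebSphere versions are written as V.R.M.F, e.g. "7.0.0.2".
_VERSION_RE = re.compile(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.(\d+))?\s*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Parse 'V.R.M.F' into a 4-tuple of ints; missing trailing fields become 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised WebSphere version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(version: str) -> bool:
    """True only for the 7.0 branch below Fix Pack 3.

    Other branches (6.1, 8.x) are outside the scope of this advisory,
    so they are reported as not affected rather than compared numerically.
    """
    v = parse_version(version)
    if v[:2] != (7, 0):
        return False
    return v < FIXED_VERSION


def triage(hosts: dict[str, str]) -> list[str]:
    """Return the sorted hostnames whose reported version still needs Fix Pack 3."""
    return sorted(host for host, ver in hosts.items() if is_affected(ver))


# Constructed sample inventory: hostname -> reported WebSphere version.
SAMPLE_INVENTORY = {
    "app01.example.test": "7.0.0.0",
    "app02.example.test": "7.0.0.2",
    "app03.example.test": "7.0.0.3",
    "app04.example.test": "7.0.0.11",
    "app05.example.test": "6.1.0.23",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> apply Fix Pack 3 (7.0.0.3) or higher")
```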