Test ID: | 1.3.6.1.4.1.25623.1.0.801861 |
Category: | Web Servers |
Title: | IBM WebSphere Application Server Multiple Vulnerabilities (Mar 2011) |
Summary: | IBM WebSphere Application Server is prone to multiple vulnerabilities. |
Description: |
Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities.

Vulnerability Insight: The following vulnerabilities exist:
- Error in the installer creates a temporary directory for logs with insecure permissions
- Input validation error in the IVT application could allow cross-site scripting (XSS) attacks
- Error related to trace requests handling in the plug-in component
- The Security component, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which allows remote authenticated users to gain privileges
- The Service Integration Bus (SIB) messaging engine allows remote attackers to cause a denial of service (DoS) by performing close operations via network connections to a queue manager
- Memory leak in the messaging engine allows remote attackers to cause a denial of service (DoS) via network connections associated with a NULL return value from a synchronous JMS receive call
- The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component allows remote attackers to cause a denial of service (DoS) by sending many UDP messages
- Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component allows remote attackers to cause a denial of service (DoS) by accessing a JSP page of an application that is repeatedly stopped and restarted

Vulnerability Impact: Successful exploitation may let attackers execute arbitrary script code, steal cookie-based authentication credentials, obtain sensitive information and perform unauthorized actions.

Affected Software/OS: IBM WebSphere Application Server prior to version 7.0.0.15.

Solution: Update to version 7.0.0.15 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-1307
  AIX APAR: PM20021 http://www-01.ibm.com/support/docview.wss?uid=swg1PM20021
  BugTraq ID: 46736 http://www.securityfocus.com/bid/46736
  http://www.vupen.com/english/advisories/2011/0564
Common Vulnerability Exposure (CVE) ID: CVE-2011-1308
  AIX APAR: PM20393 http://www-01.ibm.com/support/docview.wss?uid=swg1PM20393
  XForce ISS Database: was-ivt-xss(65992) https://exchange.xforce.ibmcloud.com/vulnerabilities/65992
Common Vulnerability Exposure (CVE) ID: CVE-2011-1309
  AIX APAR: PM22860 http://www-01.ibm.com/support/docview.wss?uid=swg1PM22860
Common Vulnerability Exposure (CVE) ID: CVE-2011-1311
  AIX APAR: PM25455 http://www-01.ibm.com/support/docview.wss?uid=swg1PM25455
Common Vulnerability Exposure (CVE) ID: CVE-2011-1314
  AIX APAR: PM19834 http://www-01.ibm.com/support/docview.wss?uid=swg1PM19834
Common Vulnerability Exposure (CVE) ID: CVE-2011-1315
  AIX APAR: PM23626 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23626
Common Vulnerability Exposure (CVE) ID: CVE-2011-1316
  AIX APAR: PM23115 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23115
Common Vulnerability Exposure (CVE) ID: CVE-2011-1318
  AIX APAR: PM23029 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23029 |
Copyright | Copyright (C) 2011 Greenbone AG |