Web Servers : IBM WebSphere Application Server 6.1.x < 6.1.0.37, 7.x

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.801863

Kategorie: Web Servers

Titel: IBM WebSphere Application Server 6.1.x < 6.1.0.37, 7.x < 7.0.0.15 Multiple Vulnerabilities

Zusammenfassung: IBM WebSphere Application Server is prone to multiple; vulnerabilities.

Beschreibung: Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- Memory leak in 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' in the JavaServer Pages (JSP)
component allows remote attackers to cause a denial of service by sending many JSP requests that
trigger large responses.

- The AuthCache purge implementation in the Security component does not purge a user from the
PlatformCredential cache, which allows remote authenticated users to gain privileges by
leveraging a group membership specified in an old RACF Object.

- The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component
allows remote attackers to cause a denial of service via encrypted SOAP messages.

Vulnerability Impact:
Successful exploitation will let attackers to gain privileges or
cause a denial of service.

Affected Software/OS:
IBM WebSphere Application Server version 6.1.x prior to
6.1.0.37 and 7.x prior to 7.0.0.15.

Solution:
Update to version 6.1.0.37, 7.0.0.15 or later.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1317
AIX APAR: PM19500
http://www-01.ibm.com/support/docview.wss?uid=swg1PM19500
Common Vulnerability Exposure (CVE) ID: CVE-2011-1321
AIX APAR: PM24668
http://www-01.ibm.com/support/docview.wss?uid=swg1PM24668
Common Vulnerability Exposure (CVE) ID: CVE-2011-1322
AIX APAR: PM19534
http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.801863
Kategorie:	Web Servers
Titel:	IBM WebSphere Application Server 6.1.x < 6.1.0.37, 7.x < 7.0.0.15 Multiple Vulnerabilities
Zusammenfassung:	IBM WebSphere Application Server is prone to multiple; vulnerabilities.
Beschreibung:	Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - Memory leak in 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' in the JavaServer Pages (JSP) component allows remote attackers to cause a denial of service by sending many JSP requests that trigger large responses. - The AuthCache purge implementation in the Security component does not purge a user from the PlatformCredential cache, which allows remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object. - The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component allows remote attackers to cause a denial of service via encrypted SOAP messages. Vulnerability Impact: Successful exploitation will let attackers to gain privileges or cause a denial of service. Affected Software/OS: IBM WebSphere Application Server version 6.1.x prior to 6.1.0.37 and 7.x prior to 7.0.0.15. Solution: Update to version 6.1.0.37, 7.0.0.15 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1317 AIX APAR: PM19500 http://www-01.ibm.com/support/docview.wss?uid=swg1PM19500 Common Vulnerability Exposure (CVE) ID: CVE-2011-1321 AIX APAR: PM24668 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24668 Common Vulnerability Exposure (CVE) ID: CVE-2011-1322 AIX APAR: PM19534 http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534
Copyright	Copyright (C) 2011 Greenbone AG