Web Servers : IBM WebSphere Application Server Multiple Vulnerabilities (Jan 2012)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.802412

Kategorie: Web Servers

Titel: IBM WebSphere Application Server Multiple Vulnerabilities (Jan 2012)

Zusammenfassung: IBM WebSphere Application Server is prone to multiple; vulnerabilities.

Beschreibung: Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- An unspecified error exists in a WS-Security policy enabled Java API for XML Web Services
(JAX-WS) application

- A certain unspecified input passed to the web messaging component is not properly sanitised
before being returned to the user

- A SibRaRecoverableSiXaResource class in the Default Messaging Component, does not properly
handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture
(FFDC) introspection code

Vulnerability Impact:
Successful exploitation will let attackers to conduct cross-site
scripting (XSS) attacks or to obtain sensitive information and cause a denial of service
(DoS).

Affected Software/OS:
IBM WebSphere Application Server version 6.1.x prior to
6.1.0.41.

Solution:
Update to version 6.1.0.41 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-5066
AIX APAR: PM36685
http://www-01.ibm.com/support/docview.wss?uid=swg1PM36685
Common Vulnerability Exposure (CVE) ID: CVE-2011-5065
AIX APAR: PM37840
http://www-01.ibm.com/support/docview.wss?uid=swg1PM37840
AIX APAR: PM49872
http://www-01.ibm.com/support/docview.wss?uid=swg1PM49872
BugTraq ID: 51559
http://www.securityfocus.com/bid/51559
http://secunia.com/advisories/46469
XForce ISS Database: was-wm-xss(72336)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72336
Common Vulnerability Exposure (CVE) ID: CVE-2011-1377
AIX APAR: PM43792
http://www-01.ibm.com/support/docview.wss?uid=swg1PM43792
AIX APAR: PM50205
http://www-01.ibm.com/support/docview.wss?uid=swg1PM50205
BugTraq ID: 50310
http://www.securityfocus.com/bid/50310
XForce ISS Database: was-wssecurity-unspecified(72299)
https://exchange.xforce.ibmcloud.com/vulnerabilities/72299

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.802412
Kategorie:	Web Servers
Titel:	IBM WebSphere Application Server Multiple Vulnerabilities (Jan 2012)
Zusammenfassung:	IBM WebSphere Application Server is prone to multiple; vulnerabilities.
Beschreibung:	Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - An unspecified error exists in a WS-Security policy enabled Java API for XML Web Services (JAX-WS) application - A certain unspecified input passed to the web messaging component is not properly sanitised before being returned to the user - A SibRaRecoverableSiXaResource class in the Default Messaging Component, does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code Vulnerability Impact: Successful exploitation will let attackers to conduct cross-site scripting (XSS) attacks or to obtain sensitive information and cause a denial of service (DoS). Affected Software/OS: IBM WebSphere Application Server version 6.1.x prior to 6.1.0.41. Solution: Update to version 6.1.0.41 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-5066 AIX APAR: PM36685 http://www-01.ibm.com/support/docview.wss?uid=swg1PM36685 Common Vulnerability Exposure (CVE) ID: CVE-2011-5065 AIX APAR: PM37840 http://www-01.ibm.com/support/docview.wss?uid=swg1PM37840 AIX APAR: PM49872 http://www-01.ibm.com/support/docview.wss?uid=swg1PM49872 BugTraq ID: 51559 http://www.securityfocus.com/bid/51559 http://secunia.com/advisories/46469 XForce ISS Database: was-wm-xss(72336) https://exchange.xforce.ibmcloud.com/vulnerabilities/72336 Common Vulnerability Exposure (CVE) ID: CVE-2011-1377 AIX APAR: PM43792 http://www-01.ibm.com/support/docview.wss?uid=swg1PM43792 AIX APAR: PM50205 http://www-01.ibm.com/support/docview.wss?uid=swg1PM50205 BugTraq ID: 50310 http://www.securityfocus.com/bid/50310 XForce ISS Database: was-wssecurity-unspecified(72299) https://exchange.xforce.ibmcloud.com/vulnerabilities/72299
Copyright	Copyright (C) 2012 Greenbone AG