
Test ID: 1.3.6.1.4.1.25623.1.0.806824
Category: Web Servers
Title: IBM WebSphere Application Server Multiple Vulnerabilities (swg21611313)
Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities.
Description:
Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An improper validation of credentials.

- No CBIND checks when configuring Federated Repositories for IIOP connections and Optimized
Local Adapters.

- No purging of password data from the authentication cache, which has unspecified impact and
remote attack vectors.

- A cross-site request forgery vulnerability.

- An error in the administrative console.

Vulnerability Impact:
Successful exploitation allows a remote attacker to traverse
directories on the system, bypass security restrictions and hijack a valid user's session, and
leads to information disclosure.

Affected Software/OS:
IBM WebSphere Application Server version 6.1.x prior to
6.1.0.45, 7.0.x prior to 7.0.0.25, 8.0.x prior to 8.0.0.5 and 8.5.x prior to 8.5.0.1.

Solution:
Update to version 6.1.0.45, 7.0.0.25, 8.0.0.5, 8.5.0.1 or
later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference:
Common Vulnerability Exposure (CVE) ID: CVE-2012-3306
AIX APAR: PM66514
http://www-01.ibm.com/support/docview.wss?uid=swg1PM66514
XForce ISS Database: was-multidomain-password-cache(77478)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77478
Common Vulnerability Exposure (CVE) ID: CVE-2012-3304
AIX APAR: PM54356
http://www-01.ibm.com/support/docview.wss?uid=swg1PM54356
http://osvdb.org/85733
XForce ISS Database: was-isc-session-hijacking(77476)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77476
Common Vulnerability Exposure (CVE) ID: CVE-2012-3311
AIX APAR: PM61388
http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388
BugTraq ID: 55671
http://www.securityfocus.com/bid/55671
XForce ISS Database: was-cbind-iiop(77697)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77697
Common Vulnerability Exposure (CVE) ID: CVE-2012-3325
AIX APAR: PM71296
http://www-01.ibm.com/support/docview.wss?uid=swg1PM71296
BugTraq ID: 55309
http://www.securityfocus.com/bid/55309
http://www.securitytracker.com/id?1027462
http://secunia.com/advisories/54971
http://secunia.com/advisories/55115
XForce ISS Database: was-pm44303-security-bypass(77959)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77959
Common Vulnerability Exposure (CVE) ID: CVE-2012-4853
AIX APAR: PM62920
http://www-01.ibm.com/support/docview.wss?uid=swg1PM62920
BugTraq ID: 56458
http://www.securityfocus.com/bid/56458
XForce ISS Database: was-wasrequrl-csrf(79598)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79598
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.