Web Servers : IBM WebSphere Application Server Multiple Vulnerabilities (swg21595172)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.806833

Kategorie: Web Servers

Titel: IBM WebSphere Application Server Multiple Vulnerabilities (swg21595172)

Zusammenfassung: IBM WebSphere Application Server is prone to multiple; vulnerabilities.

Beschreibung: Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to

- The Application Snoop Servlet does not properly restrict access.

- insufficient validation of requests by Administration Console.

- A security bypass vulnerability when a certain SSLv2 configuration with client authentication
is used.

Vulnerability Impact:
Successful exploitation will allow remote attacker to bypass
authentication, to inject arbitrary web script or HTML and to obtain sensitive information.

Affected Software/OS:
IBM WebSphere Application Server version 7.0 prior to
7.0.0.23.

Solution:
Update to version 7.0.0.23 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-0716
AIX APAR: PM53132
http://www.ibm.com/support/docview.wss?uid=swg1PM53132
BugTraq ID: 52722
http://www.securityfocus.com/bid/52722
Common Vulnerability Exposure (CVE) ID: CVE-2012-2170
AIX APAR: PM56183
http://www.ibm.com/support/docview.wss?uid=swg1PM56183
XForce ISS Database: was-snoop-info-disclosure(75234)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75234
Common Vulnerability Exposure (CVE) ID: CVE-2012-0720
AIX APAR: PM52274
http://www.ibm.com/support/docview.wss?uid=swg1PM52274
XForce ISS Database: was-isc-xss(74044)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74044
Common Vulnerability Exposure (CVE) ID: CVE-2012-0717
AIX APAR: PM52351
http://www.ibm.com/support/docview.wss?uid=swg1PM52351

Copyright Copyright (C) 2016 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.806833
Kategorie:	Web Servers
Titel:	IBM WebSphere Application Server Multiple Vulnerabilities (swg21595172)
Zusammenfassung:	IBM WebSphere Application Server is prone to multiple; vulnerabilities.
Beschreibung:	Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to - The Application Snoop Servlet does not properly restrict access. - insufficient validation of requests by Administration Console. - A security bypass vulnerability when a certain SSLv2 configuration with client authentication is used. Vulnerability Impact: Successful exploitation will allow remote attacker to bypass authentication, to inject arbitrary web script or HTML and to obtain sensitive information. Affected Software/OS: IBM WebSphere Application Server version 7.0 prior to 7.0.0.23. Solution: Update to version 7.0.0.23 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0716 AIX APAR: PM53132 http://www.ibm.com/support/docview.wss?uid=swg1PM53132 BugTraq ID: 52722 http://www.securityfocus.com/bid/52722 Common Vulnerability Exposure (CVE) ID: CVE-2012-2170 AIX APAR: PM56183 http://www.ibm.com/support/docview.wss?uid=swg1PM56183 XForce ISS Database: was-snoop-info-disclosure(75234) https://exchange.xforce.ibmcloud.com/vulnerabilities/75234 Common Vulnerability Exposure (CVE) ID: CVE-2012-0720 AIX APAR: PM52274 http://www.ibm.com/support/docview.wss?uid=swg1PM52274 XForce ISS Database: was-isc-xss(74044) https://exchange.xforce.ibmcloud.com/vulnerabilities/74044 Common Vulnerability Exposure (CVE) ID: CVE-2012-0717 AIX APAR: PM52351 http://www.ibm.com/support/docview.wss?uid=swg1PM52351
Copyright	Copyright (C) 2016 Greenbone AG