Web Servers : IBM WebSphere Application Multiple Vulnerabilities (Jul 2011)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.902457

Kategorie: Web Servers

Titel: IBM WebSphere Application Multiple Vulnerabilities (Jul 2011)

Zusammenfassung: IBM WebSphere Application Server is prone to multiple; vulnerabilities.

Beschreibung: Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- 'logoutExitPage' parameter allows to bypass security restrictions

- Administration Console requests allows local attacker to obtain sensitive information

Vulnerability Impact:
Successful exploitation will allow remote users to gain
sensitive information to redirect users to arbitrary web sites and conduct phishing attacks via
the logoutExitPage parameter.

Affected Software/OS:
IBM WebSphere Application Server version 6.1.x prior to
6.1.0.39 and 7.x prior to 7.0.0.19.

Solution:
Update to version 6.1.0.39, 7.0.0.19 or later.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1355
AIX APAR: PM35701
http://www.ibm.com/support/docview.wss?uid=swg1PM35701
AIX APAR: PM42436
http://www.ibm.com/support/docview.wss?uid=swg1PM42436
XForce ISS Database: was-logoutexitpage-security-bypass(68570)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68570
Common Vulnerability Exposure (CVE) ID: CVE-2011-1356
AIX APAR: PM36620
http://www.ibm.com/support/docview.wss?uid=swg1PM36620
BugTraq ID: 48709
http://www.securityfocus.com/bid/48709
XForce ISS Database: was-admcons-info-disclosure(68571)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68571

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.902457
Kategorie:	Web Servers
Titel:	IBM WebSphere Application Multiple Vulnerabilities (Jul 2011)
Zusammenfassung:	IBM WebSphere Application Server is prone to multiple; vulnerabilities.
Beschreibung:	Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - 'logoutExitPage' parameter allows to bypass security restrictions - Administration Console requests allows local attacker to obtain sensitive information Vulnerability Impact: Successful exploitation will allow remote users to gain sensitive information to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter. Affected Software/OS: IBM WebSphere Application Server version 6.1.x prior to 6.1.0.39 and 7.x prior to 7.0.0.19. Solution: Update to version 6.1.0.39, 7.0.0.19 or later. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1355 AIX APAR: PM35701 http://www.ibm.com/support/docview.wss?uid=swg1PM35701 AIX APAR: PM42436 http://www.ibm.com/support/docview.wss?uid=swg1PM42436 XForce ISS Database: was-logoutexitpage-security-bypass(68570) https://exchange.xforce.ibmcloud.com/vulnerabilities/68570 Common Vulnerability Exposure (CVE) ID: CVE-2011-1356 AIX APAR: PM36620 http://www.ibm.com/support/docview.wss?uid=swg1PM36620 BugTraq ID: 48709 http://www.securityfocus.com/bid/48709 XForce ISS Database: was-admcons-info-disclosure(68571) https://exchange.xforce.ibmcloud.com/vulnerabilities/68571
Copyright	Copyright (C) 2011 Greenbone AG