Test ID:	1.3.6.1.4.1.25623.1.0.801863
Category:	Web Servers
Title:	IBM WebSphere Application Server 6.1.x < 6.1.0.37, 7.x < 7.0.0.15 Multiple Vulnerabilities
Summary:	IBM WebSphere Application Server is prone to multiple; vulnerabilities.
Description:	Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - Memory leak in 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' in the JavaServer Pages (JSP) component allows remote attackers to cause a denial of service by sending many JSP requests that trigger large responses. - The AuthCache purge implementation in the Security component does not purge a user from the PlatformCredential cache, which allows remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object. - The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component allows remote attackers to cause a denial of service via encrypted SOAP messages. Vulnerability Impact: Successful exploitation will let attackers to gain privileges or cause a denial of service. Affected Software/OS: IBM WebSphere Application Server version 6.1.x prior to 6.1.0.37 and 7.x prior to 7.0.0.15. Solution: Update to version 6.1.0.37, 7.0.0.15 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1317 AIX APAR: PM19500 http://www-01.ibm.com/support/docview.wss?uid=swg1PM19500 Common Vulnerability Exposure (CVE) ID: CVE-2011-1321 AIX APAR: PM24668 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24668 Common Vulnerability Exposure (CVE) ID: CVE-2011-1322 AIX APAR: PM19534 http://www-01.ibm.com/support/docview.wss?uid=swg1PM19534
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.