Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.806824 |
Category: | Web Servers |
Title: | IBM Websphere Application Server Multiple Vulnerabilities-02 Jan16 |
Summary: | This host is installed with IBM Websphere; application server and is prone to multiple vulnerabilities. |
Description: | Summary: This host is installed with IBM Websphere application server and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An improper validation of credentials. - No CBIND checks when configuring Federated Repositories for IIOP connections and Optimized Local Adapters. - No purging of password data from the authentication cache, which has unspecified impact and remote attack vectors. - The some cross site request forgery vulnerability. - An error in administrative console. Vulnerability Impact: Successful exploitation will allow remote attacker to traverse directories on the system, to bypass security restrictions, to hijack a valid user's session, and leads to information disclosure. Affected Software/OS: IBM WebSphere Application Server (WAS) version 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 Solution: Upgrade to IBM WebSphere Application Server (WAS) version 6.1.0.45, or 7.0.0.25, or 8.0.0.5, or 8.5.0.1, or later CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
BugTraq ID: 55678 BugTraq ID: 55671 BugTraq ID: 55309 BugTraq ID: 56458 Common Vulnerability Exposure (CVE) ID: CVE-2012-3306 AIX APAR: PM66514 http://www-01.ibm.com/support/docview.wss?uid=swg1PM66514 XForce ISS Database: was-multidomain-password-cache(77478) https://exchange.xforce.ibmcloud.com/vulnerabilities/77478 Common Vulnerability Exposure (CVE) ID: CVE-2012-3304 AIX APAR: PM54356 http://www-01.ibm.com/support/docview.wss?uid=swg1PM54356 http://osvdb.org/85733 XForce ISS Database: was-isc-session-hijacking(77476) https://exchange.xforce.ibmcloud.com/vulnerabilities/77476 Common Vulnerability Exposure (CVE) ID: CVE-2012-3311 AIX APAR: PM61388 http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388 http://www.securityfocus.com/bid/55671 XForce ISS Database: was-cbind-iiop(77697) https://exchange.xforce.ibmcloud.com/vulnerabilities/77697 Common Vulnerability Exposure (CVE) ID: CVE-2012-3325 AIX APAR: PM71296 http://www-01.ibm.com/support/docview.wss?uid=swg1PM71296 http://www.securityfocus.com/bid/55309 http://www.securitytracker.com/id?1027462 http://secunia.com/advisories/54971 http://secunia.com/advisories/55115 XForce ISS Database: was-pm44303-security-bypass(77959) https://exchange.xforce.ibmcloud.com/vulnerabilities/77959 Common Vulnerability Exposure (CVE) ID: CVE-2012-4853 AIX APAR: PM62920 http://www-01.ibm.com/support/docview.wss?uid=swg1PM62920 http://www.securityfocus.com/bid/56458 XForce ISS Database: was-wasrequrl-csrf(79598) https://exchange.xforce.ibmcloud.com/vulnerabilities/79598 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |