Test ID:	1.3.6.1.4.1.25623.1.0.806833
Category:	Web Servers
Title:	IBM WebSphere Application Server Multiple Vulnerabilities (swg21595172)
Summary:	IBM WebSphere Application Server is prone to multiple; vulnerabilities.
Description:	Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to - The Application Snoop Servlet does not properly restrict access. - insufficient validation of requests by Administration Console. - A security bypass vulnerability when a certain SSLv2 configuration with client authentication is used. Vulnerability Impact: Successful exploitation will allow remote attacker to bypass authentication, to inject arbitrary web script or HTML and to obtain sensitive information. Affected Software/OS: IBM WebSphere Application Server version 7.0 prior to 7.0.0.23. Solution: Update to version 7.0.0.23 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0716 AIX APAR: PM53132 http://www.ibm.com/support/docview.wss?uid=swg1PM53132 BugTraq ID: 52722 http://www.securityfocus.com/bid/52722 Common Vulnerability Exposure (CVE) ID: CVE-2012-2170 AIX APAR: PM56183 http://www.ibm.com/support/docview.wss?uid=swg1PM56183 XForce ISS Database: was-snoop-info-disclosure(75234) https://exchange.xforce.ibmcloud.com/vulnerabilities/75234 Common Vulnerability Exposure (CVE) ID: CVE-2012-0720 AIX APAR: PM52274 http://www.ibm.com/support/docview.wss?uid=swg1PM52274 XForce ISS Database: was-isc-xss(74044) https://exchange.xforce.ibmcloud.com/vulnerabilities/74044 Common Vulnerability Exposure (CVE) ID: CVE-2012-0717 AIX APAR: PM52351 http://www.ibm.com/support/docview.wss?uid=swg1PM52351
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.