Test ID:	1.3.6.1.4.1.25623.1.0.808188
Category:	Web Servers
Title:	IBM WebSphere Application Server Liberty Multiple Liberty Vulnerabilities (Jul 2016)
Summary:	IBM WebSphere Application Server Liberty is prone to multiple; vulnerabilities
Description:	Summary: IBM WebSphere Application Server Liberty is prone to multiple vulnerabilities Vulnerability Insight: Multiple flaws exist due to: - The failure of setting the 'HTTPOnly' flag in 'JAX-RS' API. - IBM WebSphere Application Server Liberty Profile using the API Discovery feature could provide weaker than expected security in 'API Discovery' feature when using Swagger documents with external references. - An improper handling by the Admin Center. Vulnerability Impact: Successful exploitation may allow a remote attacker to obtain sensitive information and also allow a remote authenticated users to gain privileges. Affected Software/OS: IBM WebSphere Application Server Liberty version 8.5.x through 8.5.5.9. Solution: See the referenced vendor advisory. CVSS Score: 6.0 CVSS Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-2923 AIX APAR: PI61936 http://www-01.ibm.com/support/docview.wss?uid=swg1PI61936 BugTraq ID: 91518 http://www.securityfocus.com/bid/91518 Common Vulnerability Exposure (CVE) ID: CVE-2016-2945 AIX APAR: PI62450 http://www-01.ibm.com/support/docview.wss?uid=swg1PI62450 BugTraq ID: 91517 http://www.securityfocus.com/bid/91517 Common Vulnerability Exposure (CVE) ID: CVE-2016-0389 AIX APAR: PI62052 http://www-01.ibm.com/support/docview.wss?uid=swg1PI62052 BugTraq ID: 91515 http://www.securityfocus.com/bid/91515
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.