Test ID:	1.3.6.1.4.1.25623.1.0.902457
Category:	Web Servers
Title:	IBM WebSphere Application Multiple Vulnerabilities (Jul 2011)
Summary:	IBM WebSphere Application Server is prone to multiple; vulnerabilities.
Description:	Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - 'logoutExitPage' parameter allows to bypass security restrictions - Administration Console requests allows local attacker to obtain sensitive information Vulnerability Impact: Successful exploitation will allow remote users to gain sensitive information to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter. Affected Software/OS: IBM WebSphere Application Server version 6.1.x prior to 6.1.0.39 and 7.x prior to 7.0.0.19. Solution: Update to version 6.1.0.39, 7.0.0.19 or later. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1355 AIX APAR: PM35701 http://www.ibm.com/support/docview.wss?uid=swg1PM35701 AIX APAR: PM42436 http://www.ibm.com/support/docview.wss?uid=swg1PM42436 XForce ISS Database: was-logoutexitpage-security-bypass(68570) https://exchange.xforce.ibmcloud.com/vulnerabilities/68570 Common Vulnerability Exposure (CVE) ID: CVE-2011-1356 AIX APAR: PM36620 http://www.ibm.com/support/docview.wss?uid=swg1PM36620 BugTraq ID: 48709 http://www.securityfocus.com/bid/48709 XForce ISS Database: was-admcons-info-disclosure(68571) https://exchange.xforce.ibmcloud.com/vulnerabilities/68571
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.