SuSE 10 Security Update : Websphere Community Edition (ZYPP Patch Number 5850)

high Nessus Plugin ID 41596

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

Websphere has been updated to version 2.1.0.1 to fix several security vulnerabilities in the included subprojects, such as Apache Geronimo and Tomcat. (CVE-2007-0184 / CVE-2007-0185 / CVE-2007-2377 / CVE-2007-2449 / CVE-2007-2450 / CVE-2007-3382 / CVE-2007-3385 / CVE-2007-3386 / CVE-2007-5333 / CVE-2007-5342 / CVE-2007-5461 / CVE-2007-5613 / CVE-2007-5615 / CVE-2007-6286 / CVE-2008-0002 / CVE-2008-1232 / CVE-2008-1947 / CVE-2008-2370 / CVE-2008-2938)

Solution

Apply ZYPP patch number 5850.

See Also

http://support.novell.com/security/cve/CVE-2007-5342.html

http://support.novell.com/security/cve/CVE-2007-5461.html

http://support.novell.com/security/cve/CVE-2007-5613.html

http://support.novell.com/security/cve/CVE-2007-0184.html

http://support.novell.com/security/cve/CVE-2007-0185.html

http://support.novell.com/security/cve/CVE-2007-2377.html

http://support.novell.com/security/cve/CVE-2007-2449.html

http://support.novell.com/security/cve/CVE-2007-2450.html

http://support.novell.com/security/cve/CVE-2007-3382.html

http://support.novell.com/security/cve/CVE-2007-3385.html

http://support.novell.com/security/cve/CVE-2007-3386.html

http://support.novell.com/security/cve/CVE-2007-5333.html

http://support.novell.com/security/cve/CVE-2007-5615.html

http://support.novell.com/security/cve/CVE-2007-6286.html

http://support.novell.com/security/cve/CVE-2008-0002.html

http://support.novell.com/security/cve/CVE-2008-1232.html

http://support.novell.com/security/cve/CVE-2008-1947.html

http://support.novell.com/security/cve/CVE-2008-2370.html

http://support.novell.com/security/cve/CVE-2008-2938.html

Plugin Details

Severity: High

ID: 41596

File Name: suse_websphere-as_ce-5850.nasl

Version: 1.16

Type: local

Agent: unix

Published: 9/24/2009

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/3/2008

Exploitable With

CANVAS (D2ExploitPack)

Elliot (Apache Tomcat File Disclosure)

Reference Information

CVE: CVE-2007-0184, CVE-2007-0185, CVE-2007-2377, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386, CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-5613, CVE-2007-5615, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938

CWE: 200, 22, 264, 79, 94