IBM WebSphere Application Server 6.1 < 6.1.0.9 Cross-session Information Disclosure

medium Nessus Plugin ID 45421

Synopsis

The remote application server is affected by an information disclosure vulnerability.

Description

According to its self-reported version, the IBM WebSphere Application Server 6.1 instance on the remote host is earlier than Fix Pack 9 (6.1.0.9). Such versions are reportedly affected by a cross-session information disclosure vulnerability: under certain circumstances, after a closed connection error, the server sends response data that was intended for a different request, so one client can receive content belonging to another client's request. (IBM APAR PK41446)

Solution

If using WebSphere Application Server, apply Fix Pack 9 (6.1.0.9) or later.

Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, apply the latest recommended eWAS fix pack.
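The advisory is a version-range check: only the 6.1 release line is in scope, and anything at or above 6.1.0.9 is fixed. The following Python snippet is an added example of that check and is not the Nessus plugin's own code. It assumes the version string has already been obtained from the server in WebSphere's dotted form (for example "6.1.0.7"); the sample host list is constructed for illustration.

```python
"""Version-range check for 'WebSphere 6.1 < 6.1.0.9' (CVE-2007-3397, APAR PK41446).

Added example, not the Nessus plugin's code. Assumes the input is the
dotted version string WebSphere reports; the detection step that obtains
it is out of scope here.
"""
from __future__ import annotations

AFFECTED_BRANCH = (6, 1)        # only the 6.1 line is covered by this advisory
FIXED_VERSION = (6, 1, 0, 9)    # Fix Pack 9, per the advisory


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '6.1.0.9' into (6, 1, 0, 9).

    Stops at the first non-numeric component so a suffix such as
    '6.1.0.9-beta' does not break comparison. Comparing tuples of ints
    avoids the classic string-comparison bug where '6.1.0.10' < '6.1.0.9'.
    """
    parts: list[int] = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the version is on the 6.1 line and below Fix Pack 9."""
    v = parse_version(version)
    if v[:2] != AFFECTED_BRANCH:
        return False            # 6.0.x, 7.0.x etc. are out of scope for this plugin
    # A bare '6.1' or '6.1.0' reports no fix pack, i.e. GA level, so pad with zeros.
    padded = (v + (0, 0, 0, 0))[:4]
    return padded < FIXED_VERSION


def triage(hosts: dict[str, str]) -> list[tuple[str, str]]:
    """Return (host, version) pairs that need Fix Pack 9 or later."""
    return [(host, ver) for host, ver in hosts.items() if is_affected(ver)]


if __name__ == "__main__":
    # Constructed sample inventory, not real scan data.
    sample_hosts = {
        "app01": "6.1.0.7",
        "app02": "6.1.0.9",
        "app03": "6.1.0.10",   # string comparison would wrongly flag this one
        "ldap01": "6.0.2.17",
        "app04": "7.0.0.1",
    }
    for host, ver in triage(sample_hosts):
        print(f"{host}: WebSphere {ver} is below 6.1.0.9, apply Fix Pack 9 or later")
```

The check is version-based only, as is the plugin itself (it keys off the www/WebSphere KB item rather than exercising the closed-connection behaviour), so a host that reports a fixed version while running a hand-patched or back-ported binary will still be listed; confirm against the installed APAR list where that matters.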

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21404665

http://www-01.ibm.com/support/docview.wss?uid=swg27009778

http://www-1.ibm.com/support/docview.wss?uid=swg21261071

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24015854

Plugin Details

Severity: Medium

ID: 45421

File Name: websphere_6_1_0_9.nasl

Version: 1.11

Type: remote

Family: Web Servers

Published: 4/5/2010

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere

Exploit Ease: No known exploits are available

Patch Publication Date: 5/11/2007

Vulnerability Publication Date: 6/25/2007

Reference Information

CVE: CVE-2007-3397

BID: 24608

Secunia: 25817