Detections
Analytics
IBM WebSphere Application Server 7.0 < Fix Pack 9
medium Nessus Plugin ID 45431
Language:
Synopsis
The remote application server is affected by multiple vulnerabilities.Description
IBM WebSphere Application Server 7.0 before Fix Pack 9 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities :- An unspecified cross-site scripting vulnerability in the Administration Console. (PK97376)
- An error when defining a wsadmin scripting 'J2CConnectionFactory' object results in passwords being stored unencrypted in the resources.xml file. (PK95089)
- An error related to the ORB ListenerThread could allow remote, authenticated users to cause a denial of service.
(PK93653)
Solution
If using WebSphere Application Server, apply Fix Pack 9 (7.0.0.9) or later.Otherwise, if using embedded WebSphere Application Server packaged with Tivoli Directory Server, apply the latest recommended eWAS fix pack.
See Also
http://www-01.ibm.com/support/docview.wss?uid=swg21404665
http://www-01.ibm.com/support/docview.wss?uid=swg27009778
http://www-01.ibm.com/support/docview.wss?uid=swg27004980
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27014463#7009
Plugin Details
Severity: Medium
ID: 45431
File Name: websphere_7_0_0_9.nasl
Version: 1.14
Type: remote
Family: Web Servers
Published: 4/6/2010
Updated: 8/6/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:ibm:websphere_application_server
Required KB Items: www/WebSphere
Exploit Ease: No known exploits are available
Patch Publication Date: 3/29/2009
Vulnerability Publication Date: 3/29/2010
Reference Information
CVE: CVE-2010-0768, CVE-2010-0769, CVE-2010-0770
BID: 39051, 39056, 39295, 39567
Secunia: 39140