IBM WebSphere Application Server Multiple Vulnerabilities

medium Nessus Plugin ID 57826

Synopsis

The remote application server is susceptible to an insecure file permission vulnerability, a cross-site scripting attack, and other unspecified vulnerabilities.

Description

The version of IBM WebSphere Application Server running on the remote host is potentially affected by multiple vulnerabilities:

- An insecure file permission vulnerability that only affects WebSphere Application Server running on the IBM i platform. A local attacker may be able to exploit this issue to obtain potentially sensitive information or modify files in certain directories. (CVE-2011-1376)

- Cross-site scripting and other unspecified vulnerabilities affecting the z/OS platform.

Solution

Apply Fix Pack 43 or later for 6.1, Fix Pack 21 or later for 7.0, or Fix Pack 2 or later for 8.0.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg24031675

Plugin Details

Severity: Medium

ID: 57826

File Name: websphere_iscdeploy_permissions.nasl

Version: 1.8

Type: remote

Family: Web Servers

Published: 2/4/2012

Updated: 8/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Required KB Items: www/WebSphere

Exploit Ease: No known exploits are available

Patch Publication Date: 1/16/2012

Vulnerability Publication Date: 1/19/2012

Reference Information

CVE: CVE-2011-1376

BID: 51420, 51414

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990