Detections
Analytics
IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities
medium Nessus Plugin ID 61459
Language:
Synopsis
The remote application server may be affected by multiple vulnerabilities.Description
IBM WebSphere Application Server 8.0 before Fix Pack 4 appears to be running on the remote host and is potentially affected by the following vulnerabilities :- An input validation error exists related to the 'Eclipse Help System' that can allow arbitrary redirect responses to HTTP requests. (CVE-2012-2159, CVE-2012-2161, PM62795)
- An error exists related to 'Application Snoop Servlet' and missing access controls. This error can allow sensitive information to be disclosed. Note that exploiting this issue requires that the default 'Application Snoop Servlet' be installed and running.
(CVE-2012-2170, PM56183)
- Several errors exist related to SSL/TLS that can allow an attacker to carry out denial of service attacks against the application. (CVE-2012-2190, CVE-2012-2191, PM66218)
- Unspecified cross-site scripting issues exist related to the administrative console. (CVE-2012-3293, PM60839)
Solution
Apply Fix Pack 4 for version 8.0 (8.0.0.4) or later.See Also
http://www-01.ibm.com/support/docview.wss?uid=swg21606096
http://www-01.ibm.com/support/docview.wss?uid=swg27022958#8004
Plugin Details
Severity: Medium
ID: 61459
File Name: websphere_8_0_0_4.nasl
Version: 1.13
Type: remote
Family: Web Servers
Published: 8/9/2012
Updated: 12/4/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.7
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2012-2159
Vulnerability Information
CPE: cpe:/a:ibm:websphere_application_server
Required KB Items: www/WebSphere
Exploit Ease: No known exploits are available
Patch Publication Date: 8/6/2012
Vulnerability Publication Date: 5/29/2012
Reference Information
CVE: CVE-2012-2159, CVE-2012-2161, CVE-2012-2170, CVE-2012-2190, CVE-2012-2191, CVE-2012-3293