IBM WebSphere Application Server < 6.1.0.15 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 4424

Synopsis

The remote application server is affected by multiple vulnerabilities.

Description

IBM WebSphere Application Server 6.1 before Fix Pack 15 appears to be running on the remote host. Such versions are reportedly affected by the following vulnerabilities:

- There is an unspecified security exposure in wsadmin (PK45726).

- Sensitive information might appear in clear text in the http_plugin.log file (PK48785).

- There is an unspecified potential security exposure in the 'PropFilePasswordEncoder' utility (PK52709).

- There is an unspecified potential security exposure with 'serveServletsByClassnameEnabled' (PK52059).

- Sensitive information may appear in plain text in startserver.log (PK53198).

Solution

Apply Fix Pack 15 (6.1.0.15) or higher.

See Also

http://www-1.ibm.com/support/docview.wss?uid=swg27007951

http://www.securityfocus.com/bid/28216

Plugin Details

Severity: High

ID: 4424

Family: Web Servers

Published: 3/12/2008

Updated: 3/6/2019

Nessus ID: 45422

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

CVE: CVE-2008-0740, CVE-2008-7274

BID: 28216