IBM WebSphere Application Server 6.1 < Fix Pack 19 Unspecified Vulnerability

medium Nessus Network Monitor Plugin ID 4685

Synopsis

The remote application server is affected by an unspecified vulnerability.

Description

IBM WebSphere Application Server 6.1 before Fix Pack 19 appears to be running on the remote host. Such versions reportedly have an as-yet unspecified security exposure when the 'FileServing' feature in the Servlet Engine / Web Container component is enabled (PK64302).

Solution

Apply Fix Pack 19 (6.1.0.19) or higher.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg27007951#61019

http://www.securityfocus.com/bid/31186

Plugin Details

Severity: Medium

ID: 4685

Family: Web Servers

Published: 9/17/2008

Updated: 3/6/2019

Nessus ID: 34219

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_application_server

Reference Information

CVE: CVE-2008-4111, CVE-2008-4283, CVE-2008-4284, CVE-2009-0432, CVE-2009-0433, CVE-2009-0434, CVE-2009-0435, CVE-2009-0436, CVE-2009-0438

BID: 31186, 33700