IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities

NASLDB: IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities

General

ID: 61459
Name: IBM WebSphere Application Server 8.0 < Fix Pack 4 Multiple Vulnerabilities

Summary: Reads the version number from the SOAP port

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: 8880
Family: Web Servers
Type: Remote

Description

IBM WebSphere Application Server 8.0 before Fix Pack 4 appears to be
running on the remote host and is potentially affected by the
following vulnerabilities :

– An input-validation error exists related to the ‘Eclipse
Help System’ that can allow arbitrary redirect responses
to HTTP requests. (CVE-2012-2159, CVE-2012-2161,
PM62795)

– An error exists related to ‘Application Snoop Servlet’
and missing access controls. This error can allow
sensitive information to be disclosed. Note that
exploiting this issue requires that the default
‘Application Snoop Servlet’ be installed and running.
(CVE-2012-2170, PM56183)

– Several errors exist related to SSL/TLS that can allow
an attacker to carry out denial of service attacks
against the application. (CVE-2012-2190, CVE-2012-2191,
PM66218)

– Unspecified cross-site scripting issues exist related to
the administrative console. (CVE-2012-3293, PM60839)