Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.801862
Kategorie:Web Servers
Titel:IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
Zusammenfassung:The host is running IBM WebSphere Application Server and is prone to multiple; vulnerabilities.
Beschreibung:Summary:
The host is running IBM WebSphere Application Server and is prone to multiple
vulnerabilities.

Vulnerability Insight:
- The Administrative Scripting Tools component, when tracing is enabled,
places wsadmin command parameters into the 'wsadmin.traceout' and 'trace.log' files, which allows local
users to obtain potentially sensitive information by reading these files.

- A double free error which allows remote backend IIOP servers to cause a
denial of service by rejecting IIOP requests at opportunistic time instants.

- The Security component allows remote authenticated users to cause a denial
of service by using a Lightweight Third-Party Authentication (LTPA) token for authentication.

- The Security component does not properly delete AuthCache entries upon a
logout, which might allow remote attackers to access the server by
leveraging an unattended workstation.

Vulnerability Impact:
Successful exploitation will let attackers to obtain sensitive information
and cause a denial of service.

Affected Software/OS:
IBM WebSphere Application Server versions 6.1.0.x before 6.1.0.35 and
7.x before 7.0.0.15.

Solution:
Upgrade to IBM WebSphere Application Server version 6.1.0.35 or 7.0.0.15.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-1310
AIX APAR: PM18736
http://www-01.ibm.com/support/docview.wss?uid=swg1PM18736
Common Vulnerability Exposure (CVE) ID: CVE-2011-1313
AIX APAR: PM17170
http://www-01.ibm.com/support/docview.wss?uid=swg1PM17170
Common Vulnerability Exposure (CVE) ID: CVE-2011-1319
AIX APAR: PM18644
http://www-01.ibm.com/support/docview.wss?uid=swg1PM18644
Common Vulnerability Exposure (CVE) ID: CVE-2011-1320
AIX APAR: PM21536
http://www-01.ibm.com/support/docview.wss?uid=swg1PM21536
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.