
Test ID: 1.3.6.1.4.1.25623.1.0.806824
Category: Web Servers
Title: IBM WebSphere Application Server Multiple Vulnerabilities (swg21611313)
Summary: IBM WebSphere Application Server is prone to multiple vulnerabilities.
Description:
Summary:
IBM WebSphere Application Server is prone to multiple
vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An improper validation of credentials.

- No CBIND checks when configuring Federated Repositories for IIOP connections and Optimized
Local Adapters.

- No purging of password data from the authentication cache, which has unspecified impact and
remote attack vectors.

- A cross-site request forgery vulnerability.

- An error in the administrative console.

Vulnerability Impact:
Successful exploitation will allow a remote attacker to traverse
directories on the system, bypass security restrictions, and hijack a valid user's session, and
can lead to information disclosure.

Affected Software/OS:
IBM WebSphere Application Server version 6.1.x prior to
6.1.0.45, 7.0.x prior to 7.0.0.25, 8.0.x prior to 8.0.0.5 and 8.5.x prior to 8.5.0.1.

Solution:
Update to version 6.1.0.45, 7.0.0.25, 8.0.0.5, 8.5.0.1 or
later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2012-3306
AIX APAR: PM66514
http://www-01.ibm.com/support/docview.wss?uid=swg1PM66514
XForce ISS Database: was-multidomain-password-cache(77478)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77478
Common Vulnerability Exposure (CVE) ID: CVE-2012-3304
AIX APAR: PM54356
http://www-01.ibm.com/support/docview.wss?uid=swg1PM54356
http://osvdb.org/85733
XForce ISS Database: was-isc-session-hijacking(77476)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77476
Common Vulnerability Exposure (CVE) ID: CVE-2012-3311
AIX APAR: PM61388
http://www-01.ibm.com/support/docview.wss?uid=swg1PM61388
BugTraq ID: 55671
http://www.securityfocus.com/bid/55671
XForce ISS Database: was-cbind-iiop(77697)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77697
Common Vulnerability Exposure (CVE) ID: CVE-2012-3325
AIX APAR: PM71296
http://www-01.ibm.com/support/docview.wss?uid=swg1PM71296
BugTraq ID: 55309
http://www.securityfocus.com/bid/55309
http://www.securitytracker.com/id?1027462
http://secunia.com/advisories/54971
http://secunia.com/advisories/55115
XForce ISS Database: was-pm44303-security-bypass(77959)
https://exchange.xforce.ibmcloud.com/vulnerabilities/77959
Common Vulnerability Exposure (CVE) ID: CVE-2012-4853
AIX APAR: PM62920
http://www-01.ibm.com/support/docview.wss?uid=swg1PM62920
BugTraq ID: 56458
http://www.securityfocus.com/bid/56458
XForce ISS Database: was-wasrequrl-csrf(79598)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79598
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.