Web Servers : IBM Websphere Application Server Multiple Vulnerabilities-08 Jan16

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.806834

Kategorie: Web Servers

Titel: IBM Websphere Application Server Multiple Vulnerabilities-08 Jan16

Zusammenfassung: This host is installed with IBM Websphere; application server and is prone to multiple vulnerabilities.

Beschreibung: Summary:
This host is installed with IBM Websphere
application server and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to:

- An improper checking of the certificate.

- An improper validation of input in the UDDI Administrative console.

Vulnerability Impact:
Successful exploitation will allow remote
attacker to monitor and capture user activity, to traverse directories on the
system, to bypass security restrictions, to hijack a valid user's session,
causes denial of service and leads to information disclosure.

Affected Software/OS:
IBM WebSphere Application Server (WAS)
6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8,
and 8.5 before 8.5.5.1

Solution:
Upgrade to IBM WebSphere Application
Server (WAS) version 6.1.0.47, 7.0.0.31, 8.0.0.8, 8.5.5.1 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 62338
BugTraq ID: 62336
Common Vulnerability Exposure (CVE) ID: CVE-2013-4052
AIX APAR: PM91892
http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892
XForce ISS Database: was-cve20134052-xss(86504)
https://exchange.xforce.ibmcloud.com/vulnerabilities/86504
Common Vulnerability Exposure (CVE) ID: CVE-2013-4053
AIX APAR: PM90949
http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949
AIX APAR: PM91521
http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521
XForce ISS Database: was-cve20134053-priv-escalation(86505)
https://exchange.xforce.ibmcloud.com/vulnerabilities/86505

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.806834
Kategorie:	Web Servers
Titel:	IBM Websphere Application Server Multiple Vulnerabilities-08 Jan16
Zusammenfassung:	This host is installed with IBM Websphere; application server and is prone to multiple vulnerabilities.
Beschreibung:	Summary: This host is installed with IBM Websphere application server and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws exist due to: - An improper checking of the certificate. - An improper validation of input in the UDDI Administrative console. Vulnerability Impact: Successful exploitation will allow remote attacker to monitor and capture user activity, to traverse directories on the system, to bypass security restrictions, to hijack a valid user's session, causes denial of service and leads to information disclosure. Affected Software/OS: IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 Solution: Upgrade to IBM WebSphere Application Server (WAS) version 6.1.0.47, 7.0.0.31, 8.0.0.8, 8.5.5.1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 62338 BugTraq ID: 62336 Common Vulnerability Exposure (CVE) ID: CVE-2013-4052 AIX APAR: PM91892 http://www-01.ibm.com/support/docview.wss?uid=swg1PM91892 XForce ISS Database: was-cve20134052-xss(86504) https://exchange.xforce.ibmcloud.com/vulnerabilities/86504 Common Vulnerability Exposure (CVE) ID: CVE-2013-4053 AIX APAR: PM90949 http://www-01.ibm.com/support/docview.wss?uid=swg1PM90949 AIX APAR: PM91521 http://www-01.ibm.com/support/docview.wss?uid=swg1PM91521 XForce ISS Database: was-cve20134053-priv-escalation(86505) https://exchange.xforce.ibmcloud.com/vulnerabilities/86505
Copyright	Copyright (C) 2016 Greenbone Networks GmbH