Summary
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter, and allows local attackers to obtain sensitive information through Administration Console requests.
Impact Level: Application
Solution
Upgrade to IBM WebSphere Application Server 6.1.0.39 or 7.0.0.19. For updates refer to http://www-01.ibm.com/software/webservers/appserv/was/
Insight
Multiple flaws are due to errors in:
- handling of the 'logoutExitPage' parameter, which lets remote attackers bypass security restrictions and redirect users to arbitrary web sites.
- handling of Administration Console requests, which allows a local attacker to obtain sensitive information.
Affected
IBM WebSphere Application Server 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19
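A small helper, added here and not part of the advisory or of any IBM tooling, that turns the affected ranges above into a check against a reported fix-pack level. It only knows the two branches the advisory names and reports any other branch as out of scope; the version strings it is run on are constructed samples.

```python
# Added helper, not part of the advisory or of IBM tooling: maps the affected
# ranges ("6.1 before 6.1.0.39 and 7.0 before 7.0.0.19") onto a check of a
# reported WebSphere fix-pack level. Version strings used below are constructed.

FIXED_IN = {
    (6, 1): (6, 1, 0, 39),
    (7, 0): (7, 0, 0, 19),
}


def parse_was_version(text: str) -> tuple:
    """Parse "V.R.M.F" (e.g. "7.0.0.17") into a 4-tuple, padding missing trailing fields with 0."""
    fields = text.strip().split(".")
    if not 2 <= len(fields) <= 4 or not all(f.isdigit() for f in fields):
        raise ValueError(f"not a WebSphere version string: {text!r}")
    nums = tuple(int(f) for f in fields)
    return nums + (0,) * (4 - len(nums))


def is_affected(text: str):
    """True if the level is in an affected range, False if at or after the fix,
    None if the branch is not one this advisory covers."""
    v = parse_was_version(text)
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        return None
    return v < fixed


def triage(levels) -> dict:
    """Classify reported levels: {level: "affected" | "fixed" | "out of scope"}."""
    labels = {True: "affected", False: "fixed", None: "out of scope"}
    return {lvl: labels[is_affected(lvl)] for lvl in levels}


if __name__ == "__main__":
    # constructed sample inventory
    inventory = ["6.1.0.37", "6.1.0.39", "7.0.0.11", "7.0.0.19", "7.0.0.21", "8.0.0.1", "6.0.2.43"]
    for lvl, verdict in triage(inventory).items():
        print(f"{lvl:10} {verdict}")
```

The branch lookup matters: a 7.0 install at 7.0.0.11 is affected even though 6.1.0.39 is a smaller number, and a 6.0 or 8.0 level is not covered by this advisory at all rather than being "fixed".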
References
CVE: CVE-2011-1355, CVE-2011-1356
Severity
CVSS Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)