Summary
The host is running IBM WebSphere Application Server and is prone to directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to read arbitrary files on the affected application and obtain sensitive information that may lead to further attacks.
Impact Level: Application
Solution
Upgrade IBM WebSphere Application Server to 6.1.0.41 or 7.0.0.19 or 8.0.0.1
For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg24028875
Insight
The flaw is due to error in administration console which fails to handle certain requests. This allows remote attackers to read arbitrary files via a '../' (dot dot) in the URI.
Affected
IBM WebSphere Application Server versions 6.1 before 6.1.0.41, 7.0 before 7.0.0.19 and 8.0 before 8.0.0.1
References
Severity
Classification
-
CVE CVE-2011-1359 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities