Summary
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers gain privileges or cause a denial of service.
Impact Level: Application
Solution
Upgrade to IBM WebSphere Application Server version 6.1.0.37 or 7.0.0.15. See http://www-01.ibm.com/support/docview.wss?uid=swg24028875
Insight
- Memory leak in 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' in the JavaServer Pages (JSP) component allows remote attackers to cause a denial of service by sending many JSP requests that trigger large responses.
- The AuthCache purge implementation in the Security component does not purge a user from the PlatformCredential cache, which allows remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object.
- The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component allows remote attackers to cause a denial of service via encrypted SOAP messages.
Affected
IBM WebSphere Application Server versions 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15
References
CVE: CVE-2011-1317, CVE-2011-1321, CVE-2011-1322
Updated on 2015-03-25
Severity
CVSS Base Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P