IBM WebSphere Application Multiple Vulnerabilities Jul-11 Network Vulnerability

Summary

The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote users to gain sensitive information to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter. Impact Level: Application

Solution

Upgrade to BM WebSphere Application Server 6.1.0.39 or 7.0.0.19 For updates refer to http://www-01.ibm.com/software/webservers/appserv/was/

Insight

Multiple flaws are due to an error in, - handling 'logoutExitPage' parameter, which allows to bypass security restrictions. - handling Administration Console requests, which allows local attacker to obtain sensitive information.

Affected

IBM WebSphere Application Server 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19

References

http://www-01.ibm.com/support/docview.wss?uid=swg1PM42436
http://xforce.iss.net/xforce/xfdb/68570
http://xforce.iss.net/xforce/xfdb/68571

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1355, CVE-2011-1356
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Apache Traffic Server HTTP TRACE Request Remote DoS Vulnerability
Codebrws.asp Source Disclosure Vulnerability
Aspen Sever Directory Traversal Vulnerability
Check for IIS .cnf file leakage
Apache Tomcat Multiple Security Bypass Vulnerabilities (Windows)

Take action and discover your vulnerabilities