Summary
The host is running IBM WebSphere Application Server and is prone to a directory traversal vulnerability.
Impact
Successful exploitation allows remote attackers to read arbitrary files that the application server process can access and obtain sensitive information (configuration, credentials, source) that may enable further attacks.
Impact Level: Application
Solution
Upgrade IBM WebSphere Application Server to 6.1.0.41, 7.0.0.19 or 8.0.0.1 (or a later fix pack on the respective branch).
For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg24028875
Insight
The flaw is due to an error in the administrative console, which fails to properly sanitise certain requests. This allows remote attackers to read arbitrary files via '../' (dot dot) sequences in the URI. The CVSS vector (Au:N) indicates that no authentication is required, so exposure depends on whether the administrative console is reachable from the attacker's network position; the console should not be exposed to untrusted networks regardless of patch level.
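As an added example (not part of the original advisory and not IBM's code), the following Python scans web access logs for the class of request the Insight describes: '../' sequences that climb above the server root, including percent-encoded, double-encoded and backslash variants. The log lines are constructed for illustration and deliberately do not reproduce the actual CVE-2011-1359 request; the path names are assumptions.

```python
import re
from urllib.parse import unquote

# Common Log Format: client, ident, user, [timestamp], "METHOD PATH PROTO", status, size
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')


def canonical_path(raw_target: str, max_rounds: int = 3) -> str:
    """Reduce a request target to the path the server would actually resolve.

    Percent-decoding is repeated (bounded) so double-encoded sequences such as
    %252e%252e are unmasked, and backslashes are folded to '/' because some
    servers treat them as separators.
    """
    path = raw_target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def resolve(path: str):
    """Walk the path segments against a virtual document root.

    Returns (escapes_root, has_dotdot, resolved_path). escapes_root is True
    when a '..' tries to climb above '/', which is the signature of a real
    traversal rather than a harmless relative reference inside the tree.
    """
    stack = []
    escapes_root = has_dotdot = False
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            has_dotdot = True
            if stack:
                stack.pop()
            else:
                escapes_root = True
            continue
        stack.append(seg)
    return escapes_root, has_dotdot, "/" + "/".join(stack)


def scan_access_log(lines):
    """Return one finding per request whose '..' sequences climb above the root."""
    findings = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not CLF; skip rather than guess
        client, ts, method, target, status, _size = m.groups()
        escapes_root, _has_dotdot, resolved = resolve(canonical_path(target))
        if escapes_root:
            findings.append({
                "client": client, "time": ts, "method": method,
                "raw": target, "resolved": resolved, "status": int(status),
            })
    return findings


# Constructed sample log lines (not taken from any real WebSphere host);
# the paths are illustrative and do not reproduce the actual CVE-2011-1359 request.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2012:10:00:01 +0000] "GET /admin/images/logo.png HTTP/1.1" 200 1234',
    '198.51.100.7 - - [10/Jan/2012:10:00:02 +0000] "GET /admin/../../../../etc/passwd HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Jan/2012:10:00:03 +0000] "GET /admin/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Jan/2012:10:00:04 +0000] "GET /admin/..%255c..%255c..%255cwindows/win.ini HTTP/1.1" 404 512',
    '203.0.113.9 - - [10/Jan/2012:10:00:05 +0000] "GET /admin/css/../theme/main.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['client']} {f['method']} {f['raw']} -> {f['resolved']} ({f['status']})")
```

The fifth sample line contains '..' but resolves inside the tree, so it is not reported; a 200 response with a plausible body size on a request that does escape the root is the signal to prioritise during incident response, since it indicates the server actually served the file.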
Affected
IBM WebSphere Application Server versions 6.1 before 6.1.0.41, 7.0 before 7.0.0.19 and 8.0 before 8.0.0.1
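As an added example (not part of the original advisory and not from any IBM or scanner project), the following Python implements the version check the Affected and Solution sections imply: a version is vulnerable when it lies on one of the three listed branches below that branch's fix level, and versions on other branches are reported as not covered by this advisory rather than guessed at. The sample inventory is constructed.

```python
# Fixed levels from the advisory, keyed by the major.minor branch they apply to.
FIXED_LEVELS = {
    (6, 1): (6, 1, 0, 41),
    (7, 0): (7, 0, 0, 19),
    (8, 0): (8, 0, 0, 1),
}


def parse_version(text: str) -> tuple:
    """Turn '7.0.0.15' into (7, 0, 0, 15); shorter strings are zero-padded to four parts."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable(text: str):
    """True if the version lies on an affected branch below its fix level,
    False if at or above it, None if the branch is not covered by this advisory."""
    version = parse_version(text)
    fixed = FIXED_LEVELS.get(version[:2])
    if fixed is None:
        return None
    return version < fixed


def classify(versions):
    """Group a batch of banner-derived versions for reporting."""
    report = {"vulnerable": [], "fixed": [], "not_covered": []}
    for v in versions:
        state = is_vulnerable(v)
        key = "not_covered" if state is None else ("vulnerable" if state else "fixed")
        report[key].append(v)
    return report


if __name__ == "__main__":
    # Constructed sample inventory, not real data.
    print(classify(["6.1.0.39", "6.1.0.41", "7.0.0.15",
                    "7.0.0.19", "8.0.0.0", "8.0.0.1", "8.5.0.0"]))
```

A version-only check is a screening test, not proof: IBM also ships interim fixes that do not change the fix pack number, so confirm a "vulnerable" result against the installed fixes on the host before reporting it.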
Severity
CVSS Base Score: 5.0 (Medium)
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Classification
CVE: CVE-2011-1359
Related Vulnerabilities
- Apache Tomcat Session Fixation Vulnerability (Windows)
- Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
- Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
- Apache Tomcat Denial Of Service Vulnerability (Windows)
- IBM WebSphere Application Server Hash Collisions DOS Vulnerability