Summary
The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to conduct cross-site scripting attacks or to obtain sensitive information and cause a denial of service.
Impact Level: Application
Solution
Upgrade to version 6.1.0.41 or later,
For updates refer to http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24031034
Insight
The flaws are due to
- An unspecified error exists in a WS-Security policy enabled Java API for XML Web Services (JAX-WS) application.
- A Certain unspecified input passed to the web messaging component is not properly sanitised before being returned to the user.
- A SibRaRecoverableSiXaResource class in the Default Messaging Component, does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code.
Affected
IBM WebSphere Application Server (WAS) version 6.1 before 6.1.0.41
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2011-1377, CVE-2011-5065, CVE-2011-5066 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Savant Web Server Remote Buffer Overflow Vulnerability
- Weborf 'get_param_value()' Function HTTP Header Handling Denial Of Service Vulnerability
- Microsoft Windows Media Services ISAPI Extension Code Execution Vulnerabilities
- JBoss Enterprise Application Platform Multiple Remote Vulnerabilities
- HP System Management Homepage Multiple Vulnerabilities