The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.
Successful exploitation will let attackers execute arbitrary script code, steal cookie-based authentication credentials, obtain sensitive information, and perform unauthorized actions.
Impact Level: Application
Upgrade to IBM WebSphere Application Server version 22.214.171.124 or later, http://www-01.ibm.com/support/docview.wss?uid=swg24028875
- An error in the installer, which creates a temporary directory for logs with insecure permissions.
- An input validation error in the IVT application, which could allow cross-site scripting attacks.
- An error related to trace request handling in the plug-in component.
- The Security component, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which allows remote authenticated users to gain privileges.
- The Service Integration Bus (SIB) messaging engine allows remote attackers to cause a denial of service by performing close operations via network connections to a queue manager.
- A memory leak in the messaging engine allows remote attackers to cause a denial of service via network connections associated with a NULL return value from a synchronous JMS receive call.
- The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component allows remote attackers to cause a denial of service by sending many UDP messages.
- A memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component allows remote attackers to cause a denial of service by accessing a JSP page of an application that is repeatedly stopped and restarted.
IBM WebSphere Application Server versions prior to 126.96.36.199.
CVE: CVE-2011-1307, CVE-2011-1308, CVE-2011-1309, CVE-2011-1311, CVE-2011-1314, CVE-2011-1315, CVE-2011-1316, CVE-2011-1318
CVSS Base Score: 7.5