The host is running IBM WebSphere Application Server and is prone to multiple vulnerabilities.
Successful exploitation will let attackers to gain privileges or cause a denial of service. Impact Level: Application
Upgrade to IBM WebSphere Application Server version 188.8.131.52 or 184.108.40.206, http://www-01.ibm.com/support/docview.wss?uid=swg24028875
- Memory leak in 'com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl' in the JavaServer Pages (JSP) component allows remote attackers to cause a denial of service by sending many JSP requests that trigger large responses. - The AuthCache purge implementation in the Security component does not purge a user from the PlatformCredential cache, which allows remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object. - The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component allows remote attackers to cause a denial of service via encrypted SOAP messages.
IBM WebSphere Application Server versions 6.1.0.x before 220.127.116.11 and 7.x before 18.104.22.168
Updated on 2015-03-25
- IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
- IBM WebSphere Application Server Multiple CSRF Vulnerabilities
- IBM WebSphere Application Multiple Vulnerabilities Jul-11
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability