Vulnerabilities > CVE-2011-1318 - Resource Management Errors vulnerability in IBM Websphere Application Server

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
ibm
CWE-399
nessus

Summary

Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.

Vulnerable Configurations

Part Description Count
Application
Ibm
173

Common Weakness Enumeration (CWE)

Nessus

NASL familyWeb Servers
NASL idWEBSPHERE_7_0_0_15.NASL
descriptionIBM WebSphere Application Server 7.0 before Fix Pack 15 appears to be running on the remote host. As such, it is reportedly affected by the following vulnerabilities : - A double free error in BBOOORBR control block could trigger a denial of service condition. (PM17170) - A cross-site scripting vulnerability exists in the web container. (PM18512) - It is possible for authenticated users to trigger a DoS condition by using Lightweight Third-Party Authentication (LTPA) tokens for authentication. (PM18644) - Sensitive wsadmin command parameters are included in trace files, which could result in an information disclosure vulnerability. (PM18736) - A memory leak in
last seen2020-06-01
modified2020-06-02
plugin id52615
published2011-03-10
reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/52615
titleIBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities