IBM WebSphere Application Server Discloses Restricted Files to Remote Users

SecurityTracker Alert ID: 1025992
SecurityTracker URL: http://securitytracker.com/id/1025992
CVE Reference: CVE-2011-1359
Updated: Nov 1 2011
Original Entry Date: Aug 30 2011
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 6.1.0.0 through 6.1.0.39, 7.0.0.0 through 7.0.0.18, and 8.0.0.0

Description:
A vulnerability was reported in IBM WebSphere Application Server. A remote user can exploit a flaw in the Administrative Console servlets to view restricted files on the server.
Javier Castro and sxkeebler of Digital Defense, Inc. reported this vulnerability.

Impact:
A remote user can view restricted files.

Solution:
The vendor has issued a fix (APAR PM45322).
The vendor's advisory is available at:
http://www-01.ibm.com/support/docview.wss?uid=swg21509257

Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg21509257

Cause:
Access control error

Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any), z/OS

Message History:
None.

Source Message Contents

Date: Tue, 30 Aug 2011 18:55:42 +0000
Subject: IBM WebSphere Application Server

http://www-01.ibm.com/support/docview.wss?uid=swg21509257