what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

IBMWebsphere.txt

IBMWebsphere.txt
Posted May 17, 2006
Site www-1.ibm.com

Some vulnerabilities have been reported in IBM WebSphere Application Server, where some have unknown impacts and others may disclose sensitive information or bypass certain security restrictions.

tags | advisory, vulnerability
SHA-256 | a2485359983660b69a1b5e23d5c2fabe5313cf55d7351be5bfdbf43c4171c5f1

IBMWebsphere.txt

Change Mirror Download
Impact: Unknown
Security Bypass
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch

Description:
Some vulnerabilities have been reported in IBM WebSphere Application Server, where some have unknown impacts and others may disclose sensitive information or bypass certain security restrictions.

1) An unspecified security/integrity exposure exists in the HTTP request handlers.

This has been reported in version 6.0.2.x.

2) User credentials may be written into the "addNode.log" file in plain text when adding the base node into the deployment manager.

This has been reported in versions 5.0.2.x, 5.1.1.x, and 6.0.2.x.

3) An unspecified security issue affects the SOAP port.

This has been reported in versions 5.0.2.x and 6.0.2.x.

4) An unspecified vulnerability exists in the administrative console.

This has been reported in version 6.0.2.x.

5) An error in the WebSphere Common Configuration Mode and CommonArchive and J2EE Models may cause sensitive information to be displayed in the trace.

This has been reported in version 5.1.1.x.

6) A manipulated LTPA token from subjects credential can be exploited to access an EJB on Solaris systems.

Successful exploitation requires that LTPA authentication is used.

This has been reported in versions 5.0.2.x and 5.1.1.x.

7) An error may cause unintended execution of scripts when inserting certain script tags in URLs.

This has been reported in versions 5.0.2.x and 5.1.1.x.

Other issues, where some may be security-related, have also been reported.

Solution:
Apply patches.

Version 6.0.2 Fix Pack 9 (6.0.2.9):
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064

Version 5.1.1 Cumulative Fix 10 ():
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012009

Version 5.0.2 Cumulative Fix 16 (5.0.2.16):
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773

Provided and/or discovered by:
Reported by the vendor

Reported by SnoB

SnoBmsn[at]hotmail[dot]com
Cyber-Security | Cyber-Warrior
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close