Release date:
Updated on: 2012-06-04
Affected Systems:
IBM Websphere Application Server 8.0
IBM Websphere Application Server 7.0
IBM Websphere Application Server 6.1
Unaffected system:
IBM Websphere Application Server 8.0.0.4
IBM Websphere Application Server 7.0.0.23
IBM Websphere Application Server 6.1.0.45
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53755
Cve id: CVE-2012-2170
IBM WebSphere Application Server (WAS) is an Application Server developed and released by IBM following open standards such as Java EE, XML, and Web Services. Compatible Web servers include Apache HTTP Server, Netscape Enterprise Server, Microsoft Internet Information Services (IIS), and ibm http Server.
When the Default Application Snoop Servlet is enabled in WAS 6.1, 7.0, and 8.0, access control is missing. This vulnerability allows attackers to access sensitive information through direct requests.
<* Source: vendor
Link: http://xforce.iss.net/xforce/xfdb/75234
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.ers.ibm.com/
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
