Release date:
Updated on:
Affected Systems:
IBM Websphere Application Server 8.5.x
IBM Websphere Application Server 8.0.x
IBM Websphere Application Server 7.0.x
IBM Websphere Application Server 6.1.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-3311
IBM WebSphere Application Server (WAS) is an Application Server developed and released by IBM in compliance with open standards.
IBM WebSphere Application Server for z/OS 8.5, 8.0-8.0.0.4, 7.0-7.0.0.23, and 6.1.0-6.1.0.43 have errors when performing the CBIND check. After successful exploitation, you can bypass certain security restrictions, attackers can access or modify invalid application data.
<* Source: vendor
Link: http://secunia.com/advisories/50751/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.ers.ibm.com/