IBM WebSphere Application Server ‘IsSecurityEnabled’标记信息泄漏漏洞

发表评论 (0) 查看评论

漏洞起因
配置错误
 
影响系统
IBM Websphere Application Server 7.0 3
IBM Websphere Application Server 7.0 1
IBM Websphere Application Server 6.1 23
IBM Websphere Application Server 6.1 22
IBM Websphere Application Server 6.1 21
IBM Websphere Application Server 6.1 20
IBM Websphere Application Server 6.1 19
IBM Websphere Application Server 6.1 18
IBM Websphere Application Server 6.1 17
IBM Websphere Application Server 6.1 15
IBM Websphere Application Server 6.1 13
IBM Websphere Application Server 6.1 12
IBM Websphere Application Server 6.1 10
IBM Websphere Application Server 6.1 .9
IBM Websphere Application Server 6.1 .7
IBM Websphere Application Server 6.1 .6
IBM Websphere Application Server 6.1 .5
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .14
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 7.0
 
不受影响系统
IBM Websphere Application Server 7.0 5
IBM Websphere Application Server 6.1 25
 
危害
远程攻击者可以利用漏洞获得敏感信息。
 
攻击所需条件
攻击者必须访问IBM WebSphere Application Server。
 
漏洞信息
IBM WebSphere Application Server是一款商业性质的WEB应用服务程序。
WebSphere Member Manager (WMM)迁移到Virtual Member Manager (VMM)时,不安全设置配置标记,可导致敏感信息泄漏。
 
测试方法
 
厂商解决方案
可参考如下补丁程序:
IBM Websphere Application Server 7.0
IBM 7.0.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/7.0.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 13
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 .2
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 19
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 23
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 .7
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 .6
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 17
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 .1
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 .5
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 10
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 18
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 20
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 22
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 12
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 .14
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 .9
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 .3
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 21
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 6.1 15
IBM 6.1.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/6.1.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 7.0 1
IBM 7.0.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/7.0.0.0-WS-WAS-IFPK78134.pak
IBM Websphere Application Server 7.0 3
IBM 7.0.0.0-WS-WAS-IFPK78134.pak
ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/PK 78134/7.0.0.0-WS-WAS-IFPK78134.pak
 
漏洞提供者
IBM

发表评论?

0 条评论。

发表评论