IBM WebSphere Application Server Multiple Remote Vulnerabilities

Bugtraq ID:	21636
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Dec 18 2006 12:00AM
Updated:	Dec 18 2006 06:23PM
Credit:	The vendor disclosed these issues.
Vulnerable:	IBM Websphere Application Server 6.0.2 .9 IBM Websphere Application Server 6.0.2 .7 IBM Websphere Application Server 6.0.2 .5 IBM Websphere Application Server 6.0.2 .3 IBM Websphere Application Server 6.0.2 .15 IBM Websphere Application Server 6.0.2 .13 IBM Websphere Application Server 6.0.2 .11 IBM Websphere Application Server 6.0.2 .1 IBM Websphere Application Server 6.0.2 IBM Websphere Application Server 6.0
Not Vulnerable:	IBM Websphere Application Server 6.0.2 Fix Pack 17

IBM WebSphere Application Server Multiple Remote Vulnerabilities

IBM WebSphere Application Server is prone to multiple remote vulnerabilities, ncluding an information-disclosure issue and an unspecified error due to a design flaw.

An attacker can exploit the information-disclosure issue to gain access to sensitive information. Very little information is known about the second issue. This BID will be updated as soon as more information becomes available.

Versions prior to 6.0.2 Fix Pack 17 are vulnerable to these issues.

IBM WebSphere Application Server Multiple Remote Vulnerabilities

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

An attacker may be able to use a web client to exploit these issues.

IBM WebSphere Application Server Multiple Remote Vulnerabilities

Solution:
IBM has released an update to address this issue. Please see the references for more information.

IBM WebSphere Application Server Multiple Remote Vulnerabilities

References:

• WebSphere Product Page (IBM)