IBM WebSphere Multiple Remote Vulnerabilities

Bugtraq ID:	22089
Class:	Unknown
CVE:
Remote:	Yes
Local:	No
Published:	Jan 15 2007 12:00AM
Updated:	Jan 17 2007 05:30PM
Credit:	The vendor disclosed these issues.
Vulnerable:	IBM Websphere Application Server 6.1 .4 IBM Websphere Application Server 6.1 .3 IBM Websphere Application Server 6.1 .2 IBM Websphere Application Server 6.1 .1 IBM Websphere Application Server 6.1
Not Vulnerable:	IBM Websphere Application Server 6.1 .5

IBM WebSphere Multiple Remote Vulnerabilities

IBM WebSphere Application Server is prone to multiple remote vulnerabilities, including two information-disclosure issues and an unspecified security issue.

An attacker can exploit the information-disclosure issues to gain access to sensitive information. Very little information is known about the third issue. This BID will be updated as soon as more information becomes available.

Versions prior to 6.1.0.5 are vulnerable to these issues.

IBM WebSphere Multiple Remote Vulnerabilities

Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

An attacker may be able to use a web client to exploit these issues.

IBM WebSphere Multiple Remote Vulnerabilities

Solution:
IBM has released an update (6.1.0.5) to address these issues. Please see the references for more information.

IBM WebSphere Multiple Remote Vulnerabilities

References:

• WebSphere Product Page (IBM)
  
• 6.1.0.5: WebSphere Application Server V6.1.0 Fix Pack 5 for Windows (IBM)