VUPEN Security - IBM Websphere Application Server Security Bypass and Information Disclosure / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> IBM Websphere Application Server Security Bypass and Information Disclosure

Title : IBM Websphere Application Server Security Bypass and Information Disclosure
VUPEN ID : VUPEN/ADV-2006-1736
CVE ID : CVE-2006-2429 - CVE-2006-2430 - CVE-2006-2431 - CVE-2006-2432 - CVE-2006-2433 - CVE-2006-2434 - CVE-2006-2435 - CVE-2006-2436
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-05-09

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Multiple vulnerabilities have been identified in IBM Websphere Application Server, which could be exploited by attackers to bypass security restrictions or disclose sensitive information. These flaws are due to errors in the deployment manager, HTTP request handlers, SOAP port, administrative console, WebSphere Common Configuration Mode and CommonArchive and J2EE Models, and when handling malformed LTPA tokens or script tags.

Affected Products

IBM WebSphere Application Server 6.x
IBM WebSphere Application Server 5.x

Solution

IBM WebSphere Application Server 6.0.2 - Apply Fix Pack 9 (6.0.2.9) :
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064

IBM WebSphere Application Server 5.1.1 - Apply Cumulative Fix 12 (5.1.1.12) :
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980

IBM WebSphere Application Server 5.0.2 - Apply Cumulative Fix 16 (5.0.2.17) :
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24011773

References

http://www.vupen.com/english/advisories/2006/1736
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006881
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006879

Credits

Vulnerabilities reported by the vendor

ChangeLog

2006-05-09 : Initial release
2006-05-15 : Updated Solution

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

>> 2009-07-06

Microsoft Windows 0-Day
Flaw Exploited in the Wild

>> 2009-06-10

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

>> 2009-06-02

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

>> 2009-05-22

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

More Informations