IBM WebSphere Application Server Security Bypass and Information Disclosure Issues
VUPEN ID : VUPEN/ADV-2006-3262
CVE ID : CVE-2006-4136 - CVE-2006-4137
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-08-11
Technical Description
Multiple vulnerabilities have been identified in IBM WebSphere Application Server, which could be exploited by attackers to bypass security restrictions or disclose sensitive information.
The first issue is due to errors when handling SOAP requests and responses.
The second flaw is due to an unspecified error in ThreadIdentitySupport.
The third vulnerability is due to an unspecified error in MBean.
The fourth flaw is due to a design error where sensitive information is exposed in log files, in the trace, and via the wsadmin command line.