A security vulnerability has been identified in IBM WebSphere Application Server Community Edition. It is not yet known what consequences a successful exploitation could have.
Package:
IBM WebSphere Application Server Community Edition 1.x
Operating systems:
Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Me, Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7
Problem:
error in a software component
Exploitation:
local/remote
Impact:
unauthorized system access
Solution:
vendor patch
Original advisory ID:
SA45840
Source:
Secunia
Problem:
The vulnerability is caused by an unspecified error in the Tomcat Webdav Servlet implementation.
Impact:
It is not yet known how malicious users could exploit the vulnerability.
Solution:
Users are advised to install the appropriate update following the instructions in the original advisory.
IBM WebSphere Application Server Community Edition Unspecified Vulnerability
Secunia Advisory SA45840
Release Date 2011-08-31
Criticality level Moderately critical
Impact Unknown
Where From remote
Solution Status Vendor Patch
Software:
IBM WebSphere Application Server Community Edition 1.x
CVE Reference(s) No CVE references.
Description
A vulnerability with an unknown impact has been reported in IBM WebSphere Application Server Community Edition.
The vulnerability is caused by an unspecified error in the implementation of the Tomcat Webdav Servlet. No further information is currently available.
Successful exploitation requires the servlet to be write-enabled.
The vulnerability is reported in version 1.1.0.2.
Solution
Update the Tomcat Webdav Servlet to version 5.5.15-142. Please see the vendor's advisory for further details.
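Because exploitation requires the servlet to be write-enabled, it helps to inventory which deployed applications declare it that way. The following is an added example, not part of the Secunia or IBM advisory: it assumes the servlet is declared in an application's web.xml under Tomcat's standard class name org.apache.catalina.servlets.WebdavServlet and uses Tomcat's `readonly` init-param (default true); the sample descriptor is constructed.

```python
import xml.etree.ElementTree as ET

WEBDAV_CLASS = "org.apache.catalina.servlets.WebdavServlet"

# Constructed sample descriptor (not taken from any real deployment).
SAMPLE_WEB_XML = """
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>dav-rw</servlet-name>
    <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
  <servlet>
    <servlet-name>dav-default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class>
  </servlet>
  <servlet-mapping><servlet-name>dav-rw</servlet-name><url-pattern>/files/*</url-pattern></servlet-mapping>
</web-app>
"""

def _local(tag):
    # Drop the namespace so DTD-based (2.3) and schema-based (2.4+) files both match.
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    # Text of the first direct child called `name`, or None.
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_webdav(web_xml_text):
    """Return one finding per WebdavServlet declaration in a web.xml string."""
    root = ET.fromstring(web_xml_text)
    mappings = [e for e in root.iter() if _local(e.tag) == "servlet-mapping"]
    findings = []
    for s in (e for e in root.iter() if _local(e.tag) == "servlet"):
        if _text(s, "servlet-class") != WEBDAV_CLASS:
            continue
        name = _text(s, "servlet-name")
        readonly = "true"  # Tomcat's default when no readonly init-param is set
        for p in s:
            if _local(p.tag) == "init-param" and _text(p, "param-name") == "readonly":
                readonly = (_text(p, "param-value") or "").lower()
        urls = [_text(m, "url-pattern") for m in mappings if _text(m, "servlet-name") == name]
        findings.append({"servlet": name, "write_enabled": readonly != "true", "urls": urls})
    return findings

if __name__ == "__main__":
    for f in audit_webdav(SAMPLE_WEB_XML):
        print(f)
```

Any finding with `write_enabled` set to True marks a deployment that meets the advisory's precondition and should be prioritised for the update or switched to read-only.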
Provided and/or discovered by
Reported by the vendor.
Original Advisory
http://www.ibm.com/support/docview.wss?uid=swg21292875