IBM WebSphere Application Server Default serveServletsbyClassname Setting Lets Remote Users Access the Target System : 8/27/2015 12:48:14 PM
 | Trial offer - 3 Months of GlowHost goodness for just $1.00 - Choose any shared plan for just 1 buck. From our sponsors  |
| Vulnerability Databse |
| This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
IBM WebSphere Application Server Default serveServletsbyClassname Setting Lets Remote Users Access the Target System
8/27/2015 12:00:00 AM
| IBM WebSphere Application Server Default serveServletsbyClassname Setting Lets Remote Users Access the Target System |
| SecurityTracker Alert ID: 1033383 |
| SecurityTracker URL: http://securitytracker.com/id/1033383 |
| CVE Reference: CVE-2015-1927 (Links to External Site) |
| Date: Aug 27 2015 |
| Impact: User access via network |
| Fix Available: Yes Vendor Confirmed: Yes |
| Version(s): AS 7, 8, 8.5 |
| Description: A vulnerability was reported in IBM WebSphere Application Server. A remote user can gain access to the target system. If an application does not have the correct serveServletsbyClassname setting, the default value allows a remote user can gain access to the target system. |
| Impact: A remote user can gain access to the target application in certain cases. |
| Solution: The vendor has issued a fix (APAR PI31622). The vendor's advisory is available at: http://www-01.ibm.com/support/docview.wss?uid=swg21963275 |
| Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg21963275 (Links to External Site) |
| Cause: Access control error, Configuration error |
| Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any), z/OS |
| |
| Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
