IBM WebSphere Application Server ServletSecurity Flaw Lets Remote Users Access the Target System : 8/27/2015 12:48:14 PM
 | Communicate with co-workers in real time. Used by Netflix, Dropbox & Salesforce. $0/unlimited users. Get started >> From our sponsors  |
| Vulnerability Databse |
| This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
IBM WebSphere Application Server ServletSecurity Flaw Lets Remote Users Access the Target System
8/27/2015 12:00:00 AM
| IBM WebSphere Application Server ServletSecurity Flaw Lets Remote Users Access the Target System |
| SecurityTracker Alert ID: 1033384 |
| SecurityTracker URL: http://securitytracker.com/id/1033384 |
| CVE Reference: CVE-2014-8890 (Links to External Site) |
| Date: Aug 27 2015 |
| Impact: User access via network |
| Fix Available: Yes Vendor Confirmed: Yes |
| Version(s): AS 8, 8.5 |
| Description: A vulnerability was reported in IBM WebSphere Application Server. A remote user can gain access to the target system. If the deployment descriptor security constraints are combined with ServletSecurity annotations on a servlet, a remote user can gain access to the target system. |
| Impact: A remote user can gain access to the target application in certain cases. |
| Solution: The vendor has issued a fix (APAR PI31339). The vendor's advisory is available at: http://www-01.ibm.com/support/docview.wss?uid=swg21963275 |
| Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg21963275 (Links to External Site) |
| Cause: Access control error, Configuration error |
| Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any), z/OS |
| |
| Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
