IBM WebSphere May Disclose One User's Information to Another User in Certain Cases
SecurityTracker Alert ID: 1018288
SecurityTracker URL: http://securitytracker.com/id?1018288
CVE Reference: CVE-2007-3397
Updated: May 11 2008
Original Entry Date: Jun 26 2007
Impact: Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.1, 6.0
Description: A vulnerability was reported in IBM WebSphere. A remote user may be able to obtain potentially sensitive information.
When a closed connection error occurs, the Web container may corrupt a buffer being used to send a response. This may cause information intended for one user to be sent to another user.
Impact: A remote user may obtain information pertaining to another user's connection.
Solution: The vendor has issued a fix (PK41446).
The IBM advisory is available at:
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24015854
Vendor URL: www-1.ibm.com/support/docview.wss?rs=180&uid=swg24015854
Cause: Access control error, State error
Underlying OS: Linux (Any), OS/400, UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
Message History:
None.
Source Message Contents
Date: Tue, 26 Jun 2007 00:03:54 -0400
Subject: IBM WebSphere
> PK41446; Possible response buffer corruption after closed connection error
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24015854