SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   IBM WebSphere Vendors:   IBM
IBM WebSphere Application Server Default serveServletsbyClassname Setting Lets Remote Users Access the Target System
SecurityTracker Alert ID:  1033383
SecurityTracker URL:  http://securitytracker.com/id/1033383
CVE Reference:   CVE-2015-1927   (Links to External Site)
Date:  Aug 27 2015
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): AS 7, 8, 8.5
Description:   A vulnerability was reported in IBM WebSphere Application Server. A remote user can gain access to the target system.

If an application does not have the correct serveServletsbyClassname setting, the default value allows a remote user can gain access to the target system.

Impact:   A remote user can gain access to the target application in certain cases.
Solution:   The vendor has issued a fix (APAR PI31622).

The vendor's advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21963275

Vendor URL:  www-01.ibm.com/support/docview.wss?uid=swg21963275 (Links to External Site)
Cause:   Access control error, Configuration error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any), z/OS

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 22 2015 (IBM Issues Fix for IBM License Metric Tool) IBM WebSphere Application Server Default serveServletsbyClassname Setting Lets Remote Users Access the Target System
IBM has issued a fix for IBM License Metric Tool.
Dec 24 2015 (IBM Issues Fix for IBM Tivoli Monitoring) IBM WebSphere Application Server Default serveServletsbyClassname Setting Lets Remote Users Access the Target System
IBM has issued a fix for IBM Tivoli Monitoring.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC