3 matches found
Security Bulletin: Multiple security vulnerabilities in IBM Sales Center for WebSphere Commerce (CVE-2008-7271, CVE-2010-4647, CVE-2012-0186, CVE-2012-0191, CVE-2012-2159, CVE-2012-2161)
Abstract: Multiple security vulnerabilities have been identified in IBM Sales Center for WebSphere Commerce V6.0 and V7.0. Content: VULNERABILITY DETAILS – Directory Traversal. CVE ID: CVE-2012-0186. DESCRIPTION: Specially crafted URLs can be sent to the Eclipse Help component of IBM Sales Center for...
IBM Lotus Expeditor Request Header Spoofing Security Restriction Bypass Vulnerability
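BUGTRAQ ID: 54163 CVE ID: CVE-2012-0191 IBM Lotus Expeditor, formerly named IBM WebSphere Everyplace Deployment, is a managed client for creating, deploying and maintaining various applications. The web container in IBM Lotus Expeditor 6.1.x and 6.2.x versions prior to 6.2 FP5+Security Pack does not correctly enforce access control on requests; this implementation flaw is a security restriction bypass vulnerability that can allow remote attackers to bypass certain security restrictions via specially crafted request headers. 0 IBM Lotus Expeditor Vendor patch: IBM ---...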
CVE-2012-0191
The CVE concerns IBM Lotus Expeditor Web container in versions 6.1.x and 6.2.x prior to 6.2 FP5+Security Pack, where access control is mis-implemented, enabling remote attackers to spoof a localhost request origin via crafted headers. This is a remote authentication/authorization bypass affecting...