RootSSV:12361IBM WebSphere Application Server本地信息泄漏漏洞
0.0004 Low
EPSS
Percentile
5.1%
Bugraq ID: 36458
CVE ID:CVE-2009-2743
IBM WebSphere Application Server是一款商业性质的WEB应用服务程序。
IBM WebSphere Application Server允许本地攻击者获得敏感信息。
在使用wsadmin脚本和配置了JAAS-J2C验证数据后,当部分异常发生时存在一个错误,通过查看FFDC日志文件,攻击者可以获得敏感信息。
IBM Websphere Application Server 6.1 25
IBM Websphere Application Server 6.1 23
IBM Websphere Application Server 6.1 22
IBM Websphere Application Server 6.1 21
IBM Websphere Application Server 6.1 20
IBM Websphere Application Server 6.1 19
IBM Websphere Application Server 6.1 18
IBM Websphere Application Server 6.1 17
IBM Websphere Application Server 6.1 15
IBM Websphere Application Server 6.1 13
IBM Websphere Application Server 6.1 12
IBM Websphere Application Server 6.1 10
IBM Websphere Application Server 6.1 .9
IBM Websphere Application Server 6.1 .7
IBM Websphere Application Server 6.1 .6
IBM Websphere Application Server 6.1 .5
IBM Websphere Application Server 6.1 .3
IBM Websphere Application Server 6.1 .2
IBM Websphere Application Server 6.1 .14
IBM Websphere Application Server 6.1 .1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
IBM Websphere Application Server 6.1
厂商解决方案
用户可联系供应商下载使用最新的Fix Pack (6.1.0.27或之后)或APAR PK86137补丁:
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Related
