Lucene search
RootSSV:60228HistoryJun 23, 2012 - 12:00 a.m.
IBM WebSphere Application Server安全绕过漏洞
2012-06-2300:00:00
Root
www.seebug.org
16
0.001 Low
EPSS
Percentile
49.2%
CVE ID: CVE-2012-0717
IBM WebSphere Application Server (WAS)是由IBM遵照开放标准,例如Java EE, XML 还有Web Services,开发并发行的一种应用服务器。
在启用特定SSL的虚拟主机配置中满足如下条件时,WebSphere Application Server允许远程攻击者绕过IBM HTTP Server上SSL客户端证书的验证:
-使用“SSLEnable”启用SSL(默认不启用)。
-使用“SSLClientAuth required_reset”启用SSL客户端验证(默认不启用,“SSLClientAuth required” 不受影响)
-没有使用“SSLProtocolDisable SSLv2”禁用SSLv2
-没有配置“SSLClientAuthRequire”
0
IBM WebSphere Application Server 7.0.0.23之前版本
厂商补丁:
IBM WebSphere
用户可参考如下供应商提供的安全公告获得补丁信息:
Related
prion
prion
Authentication flaw
2012-06-20 10:27:00
cve
cve
CVE-2012-0717
2012-06-20 10:27:00
openvas
openvas
IBM Websphere Application Server Multiple Vulnerabilities -07 (Jan 2016)
2016-01-19 00:00:00
ibm
ibm
Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.23
2022-09-25 22:31:03
Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 6.1.0.43
2022-09-25 22:31:03
WebSphere Application Server and IBM HTTP Server Security Bulletin List
2022-07-13 18:04:48
nessus
nessus
IBM WebSphere Application Server 7.0 < Fix Pack 23 Multiple Vulnerabilities
2012-06-27 00:00:00
IBM WebSphere Application Server 6.1 < 6.1.0.43 Multiple Vulnerabilities
2012-04-04 00:00:00