漏洞类别:Local
漏洞等级: 
漏洞信息
IBM WebSphere Application Server is designed to facilitate the creation of various enterprise Web applications.
IBM WebSphere Application Server is affected by multiple vulnerabilities in IBM Java SDK .
Affected Versions:
IBM WebSphere Application Server :
Liberty
Version 9.0
Version 8.5.5
Version 8.5
Version 8.0
Version 7.0
QID Detection Logic (Unauthenticated):
This QID matches vulnerable versions in the response it receives by sending a HTTP GET request to target or retrieving by the banner information via the GIOP protocol.
QID Detection Logic (Authenticated):
Operating Systems: Windows
The QID checks if the file %ProgramFiles%\IBM\WebSphere\AppServer\bin\WASService.exe exists on the target or not.
The QID checks the file %programfiles%\IBM\WebSphere\AppServer\properties\version\WAS.product to get the version of IBM WebSphere Application Server
The QID checks if the IBM Java SDK patch for IBM Websphere Application Server mentioned in advisory swg22010560 has been applied or not.
This QID checks for the file
The following Versions:
WebSphere Application Server version 9.0.0.0 through 9.0.0.5
WebSphere Application Server version 8.5.0.0 through 8.5.5.12
WebSphere Application Server version 8.0.0.0 through 8.0.0.14
WebSphere Application Server version 7.0.0.0 through 7.0.0.43
漏洞危害
Successful exploitation of the vulnerabilities will lead allow an unauthenticated attacker to take control of the system.
解决方案
The vendor has released a fix to resolve the issue, please refer to Recommended fixes for WebSphere Application Server for more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论