Vigil@nce: WebSphere AS 6.1, several vulnerabilities
December 2008 by Vigil@nce
SYNTHESIS
Several vulnerabilities of WebSphere AS can be used to attack the
service.
Gravity: 2/4
Consequences: data reading, data flow
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 2
Creation date: 01/12/2008
IMPACTED PRODUCTS
– IBM WebSphere Application Server
DESCRIPTION
Several vulnerabilities were announced in WebSphere Application
Server.
Here is an extract of the changelog:
Perfservlet code writes sensitive information in both
systemout.log and ffdc files (PMI/Performance Tools). [grav:2/4;
PK63886]
Wsadmin ignores yes and no options in non-English locales.
[grav:1/4; PK67183]
CHARACTERISTICS
Identifiers: PK63886, PK67183, VIGILANCE-VUL-8275