Vigil@nce: WebSphere AS 7, two vulnerabilities
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can obtain information via Websphere Application
Server.
– Severity: 1/4
– Creation date: 04/05/2010
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in Websphere Application Server.
When the "-trace" option is enabled, log files contain sensitive
information. [severity:1/4; CVE-2010-1650, PM06839]
When the "-trace" option is enabled, log files contain sensitive
information coming from SIP headers. [severity:1/4; CVE-2010-1651,
PM08892]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WebSphere-AS-7-two-vulnerabilities-9625