Potential risk when using Web based applications on WebSphere Application Server (PK81387)
March 20th, 2009
Flash alert for WebSphere Application Server concerning a security risk.
And why post it here? Lotus Connections runs on WAS 6.1.0.13 and thus is vulnerable.
Check out the fix here.
Problem Description:
Customers who have Web based applications, including Web services applications running on WebSphere Application Server, have the risk of an attacker having the ability to display application specific files contained within the war file. In addition, there is a potential risk for customers who are using the WebSphere administrative console with administrative security disabled. Credit to Edward Schaller for disclosing this problem to IBM.
For V6.1.0.11 through 6.1.0.21:
- Apply Interim Fix APAR PK81387
  –OR–
- Apply Fix Pack 23 or later (6.1.0.23 targeted to be available late March 2009).




