PT-2013-4097 · Ibm · Ibm Websphere Portal

Publicado

2013-08-21

Atualizado

2017-08-29

CVE-2013-3016

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1 through 8.0

Description The issue allows remote attackers to access the user directory via a crafted request for a servlet. This is related to the setting serveServletsByClassnameEnabled.

Recommendations For IBM WebSphere Portal versions 6.1 through 8.0, consider disabling the serveServletsByClassnameEnabled setting to prevent unauthorized access to the user directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2013-3016

Produtos afetados

Ibm Websphere Portal

PT-2013-4097 · Ibm · Ibm Websphere Portal

CVE-2013-3016

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4