PT-2015-1649 · IBM · IBM WebSphere Application Server
Published: 2015-07-14 · Updated: 2016-11-30 · CVE-2015-1936
CVSS v2.0: 6.0 (Medium)
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WebSphere Application Server versions 8.0.0 through 8.0.0.10
WebSphere Application Server versions 8.5 through 8.5.5.5
Description
The issue is related to inadequate access control in the administrative console of the WebSphere Application Server. It allows a remote attacker to gain access to a session by manipulating the JSESSIONID parameter when the Security feature is disabled.
Recommendations
For WebSphere Application Server versions 8.0.0 through 8.0.0.10, update to version 8.0.0.11 or later.
For WebSphere Application Server versions 8.5 through 8.5.5.5, update to version 8.5.5.6 or later.
As a temporary workaround, consider enabling the Security feature to prevent session hijacking via the JSESSIONID parameter.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
IBM WebSphere Application Server