PT-2016-4176 · Ibm · Ibm Websphere Application Server Liberty+1
Publicado
2016-09-01
·
Atualizado
2017-08-16
·
CVE-2016-0385
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM WebSphere Application Server versions 7.0 through 7.0.0.42
IBM WebSphere Application Server versions 8.0 through 8.0.0.12
IBM WebSphere Application Server versions 8.5 through 8.5.5.9
IBM WebSphere Application Server versions 9.0 through 9.0.0.0
IBM WebSphere Application Server Liberty versions prior to 16.0.0.3
Description
A buffer overflow issue exists when HttpSessionIdReuse is enabled, allowing remote authenticated users to obtain sensitive information via unspecified vectors.
Recommendations
For IBM WebSphere Application Server versions 7.0 through 7.0.0.42, update to version 7.0.0.43 or later.
For IBM WebSphere Application Server versions 8.0 through 8.0.0.12, update to version 8.0.0.13 or later.
For IBM WebSphere Application Server versions 8.5 through 8.5.5.9, update to version 8.5.5.10 or later.
For IBM WebSphere Application Server versions 9.0 through 9.0.0.0, update to version 9.0.0.1 or later.
For IBM WebSphere Application Server Liberty versions prior to 16.0.0.3, update to version 16.0.0.3 or later.
Correção
Buffer Overflow
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Ibm Websphere Application Server
Ibm Websphere Application Server Liberty