PT-2016-5306 · Ibm+1 · Ibm Websphere Message Broker+2
Publicado
2016-07-02
·
Atualizado
2016-07-08
·
CVE-2016-2961
CVSS v3.1
5.3
Média
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Integration Bus versions 9.0.0.0 through 9.0.0.5
IBM Integration Bus versions 10.0.0.0 through 10.0.0.4
WebSphere Message Broker versions 8.0.0.0 through 8.0.0.7
Description
The issue allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
Recommendations
For IBM Integration Bus versions 9.0.0.0 through 9.0.0.5, update to version 9.0.0.6 or later.
For IBM Integration Bus versions 10.0.0.0 through 10.0.0.4, update to version 10.0.0.5 or later.
For WebSphere Message Broker versions 8.0.0.0 through 8.0.0.7, update to version 8.0.0.8 or later.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Integration Bus
Apache Tomcat
Ibm Websphere Message Broker