PT-2006-7140 · IBM · IBM WebSphere Host On-Demand

David Ferguson · Published 2006-12-14 · Updated 2018-10-17 · CVE-2006-6537

CVSS v2.0

7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IBM WebSphere Host On-Demand versions 6.0 through 10.0

Description

The issue allows remote attackers to bypass authentication by modifying the pnl parameter, which is related to the "hod/HODAdmin.html" and "hod/frameset.html" endpoints.

Recommendations

For IBM WebSphere Host On-Demand versions 6.0 through 10.0, consider restricting access to the hod/HODAdmin.html and hod/frameset.html endpoints until a patch is available. As a temporary workaround, avoid using the modified pnl parameter in these endpoints to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2006-6537

Affected Products

IBM WebSphere Host On-Demand