PT-2015-1649 · IBM · IBM WebSphere Application Server
Published
2015-07-14
·
Updated
2016-11-30
·
CVE-2015-1936
CVSS v2.0
6.0
Medium
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
WebSphere Application Server versions 8.0.0 through 8.0.0.10
WebSphere Application Server versions 8.5 through 8.5.5.5
Description
The issue is caused by inadequate access control in the administrative console of WebSphere Application Server. It allows a remote attacker to gain access to a session by manipulating the JSESSIONID parameter when the Security feature is disabled.
Recommendations
For WebSphere Application Server versions 8.0.0 through 8.0.0.10, update to version 8.0.0.11 or later.
For WebSphere Application Server versions 8.5 through 8.5.5.5, update to version 8.5.5.6 or later.
As a temporary workaround, consider enabling the Security feature to prevent session hijacking via the JSESSIONID parameter.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
IBM WebSphere Application Server