PT-2016-4176 · Ibm · Ibm Websphere Application Server Liberty+1

Published

2016-09-01

·

Updated

2017-08-16

·

CVE-2016-0385

CVSS v2.0

3.5

Low

VectorAV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server versions 7.0 through 7.0.0.42 IBM WebSphere Application Server versions 8.0 through 8.0.0.12 IBM WebSphere Application Server versions 8.5 through 8.5.5.9 IBM WebSphere Application Server versions 9.0 through 9.0.0.0 IBM WebSphere Application Server Liberty versions prior to 16.0.0.3
Description A buffer overflow issue exists when HttpSessionIdReuse is enabled, allowing remote authenticated users to obtain sensitive information via unspecified vectors.
Recommendations For IBM WebSphere Application Server versions 7.0 through 7.0.0.42, update to version 7.0.0.43 or later. For IBM WebSphere Application Server versions 8.0 through 8.0.0.12, update to version 8.0.0.13 or later. For IBM WebSphere Application Server versions 8.5 through 8.5.5.9, update to version 8.5.5.10 or later. For IBM WebSphere Application Server versions 9.0 through 9.0.0.0, update to version 9.0.0.1 or later. For IBM WebSphere Application Server Liberty versions prior to 16.0.0.3, update to version 16.0.0.3 or later.

Fix

Buffer Overflow

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-200

Related Identifiers

CVE-2016-0385

Affected Products

Ibm Websphere Application Server
Ibm Websphere Application Server Liberty