PT-2018-15013 · IBM · IBM WebSphere Application Server

Published: 2018-12-10 · Updated: 2019-10-09 · CVE-2018-1957

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM WebSphere Application Server version 9

Description

The issue is caused by the mishandling of data by the application based on an incorrect return by the httpServletRequest#authenticate() API when an unprotected URI is accessed. This could allow sensitive information to be available.

Recommendations

For IBM WebSphere Application Server version 9, consider restricting access to unprotected URIs until a fix is available. As a temporary workaround, review the application's handling of the httpServletRequest#authenticate() API return values to prevent sensitive information disclosure.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-1957

Affected Products

IBM WebSphere Application Server