Summary
The host is running IBM WebSphere Application Server and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote unauthorized attackers to access or view files or obtain sensitive information.
Impact Level: Application
Solution
Apply the latest Fix Pack (8.0.0.1 or later) or APAR PM45992: http://www-01.ibm.com/support/docview.wss?uid=swg21474220
Insight
The flaw is caused by improper handling of requests in 'JSF' applications.
A remote attacker could gain unauthorized access to view files on the host.
Affected
IBM WebSphere Application Server versions 8.x before 8.0.0.1
Severity
Classification
- CVE: CVE-2011-1368
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N