IBM Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)
There is an information disclosure in the WebSphere Application Server Proxy Server or On-Demand-Router (ODR). This only occurs when the system clock is changed. If the system clock is changed it could cause stale data to be cached and served.
CVE(s): CVE-2017-1381
Affected product(s) and affected version(s):
This vulnerability affects the following versions and releases of IBM WebSphere Application Server:
- Version 9.0 – you are only affected if you have changed the default value for the custom property cache.query.string to false
- Version 8.5
- Version 8.0
- Version 7.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2vC2PLU
X-Force Database: http://ift.tt/2uCLXY9
The post IBM Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2vBYMPF