IBM Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)

There is an information disclosure vulnerability in the WebSphere Application Server Proxy Server or On-Demand-Router (ODR). It occurs only when the system clock is changed: a clock change could cause stale data to be cached and served.

CVE(s): CVE-2017-1381

Affected product(s) and affected version(s):

This vulnerability affects the following versions and releases of IBM WebSphere Application Server:

  • Version 9.0 – you are only affected if you have changed the default value for the custom property cache.query.string to false
  • Version 8.5
  • Version 8.0
  • Version 7.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2vC2PLU
X-Force Database: http://ift.tt/2uCLXY9

The post IBM Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2vBYMPF