Skip to main content

Software  >  Tivoli  >  Products  >  IBM Tivoli Directory Integrator  >  

Potential risk when using Web based applications on WebSphere Application Server (PK81387)

 Flash (Alert)
 
Abstract
Potential risk when using Web based applications on WebSphere Application Server.
 
Content

Affected Versions:
This problem affects the following IBM WebSphere Application Server versions:
Version 5.1 through 5.1.1.19
Version 6.0 through 6.0.2.33
Version 6.1 through 6.1.0.22
Version 7.0 through 7.0.0.1 (7.0.0.2 does not exist)

This problem does not occur on the following versions:
Version 6.0.2.35 (6.0.2.34 for WebSphere Application Server for z/OS) or later
Version 6.1.0.23 or later
Version 7.0.0.3 or later

Problem Description:
Customers who have Web based applications including Web services applications running on WebSphere Application
Server have a risk for an attacker having the ability to remote display or execute files on the server contained within
a war file, including files under the web-inf and meta-inf directories. In addition, there is a potential risk for customers
who are using the WebSphere administrative console with administrative security disabled.

Please follow the link below to the WebSphere Application Server Flash for further information
 
Related information
Link to WebSphere Flash
 
 
Cross Reference information
Segment Product Component Platform Version Edition
SecurityIBM Tivoli Access Manager for Business Integration AIX, HP-UX, Linux, Solaris, Windows5.1
SecurityIBM Tivoli Access Manager for e-business All Platforms5.1, 6.0, 6.1
SecurityIBM Tivoli Access Manager for Operating Systems AIX, HP-UX, Linux, Solaris5.1, 6.0
SecurityIBM Tivoli Directory Integrator All PlatformsVersion Independent
SecurityIBM Tivoli Directory Server AIX, HP-UX, Linux, Solaris, Windows5.1, 6.0, 6.1, 6.2
SecurityIBM Tivoli Federated Identity Manager AIX, HP-UX, Linux, Solaris, Windows6.0, 6.1, 6.1.1, 6.2
SecurityIBM Tivoli Federated Identity Manager Business Gateway AIX, HP-UX, Linux, Solaris, Windows6.0, 6.1.1, 6.1, 6.2
SecurityIBM Tivoli Identity and Access Manager AIX, HP-UX, Linux, Solaris, WindowsAll Versions
SecurityIBM Tivoli Identity Manager Express AIX, Windows4.6
SecurityIBM Tivoli Security Policy Manager AIX, HP-UX, Linux, Solaris, Windows7.0
SecurityIBM Tivoli Unified Single Sign-On AIX, HP-UX, Linux, Solaris, WindowsAll Versions
SecurityIBM Tivoli Privacy Manager for e-business AIX, HP-UX, Linux, Solaris, Windows1.2
SecurityIBM Tivoli Compliance Insight Manager WindowsAll Versions
SecurityIBM Tivoli Security Information and Event Manager AIX, Solaris, WindowsAll Versions
 
 

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Rate this page
Please take a moment to complete this form to help us better serve you.
This material provides me with the information I need.




This material is clear and easy to understand.




Did the information help you to achieve your goal?
What updates, improvements, or related information would you like to see in this document?
Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.
Input the verification number to submit feedback:
Document information
 Product categories:
 Software
 Security
 Identity Management
 IBM Tivoli Directory Integrator
 Operating system(s):
  AIX, HP-UX, Linux, Solaris, Windows
 Software version:
  4.6, 5.0
 Reference #:
  1380233
 IBM Group:
 Software Group
 Modified date:
 2009-04-29

Translate My Page
 
 

Rate this page

Help us improve this page. Your response will be used to improve our document content. Requests for assistance, if applicable, should be submitted through your normal support channel as we cannot respond from this site.