Potential risk when using Web based applications on WebSphere Application Server (PK81387)

Flash alert for WebSphere Application Server concerning a security risk.

And why post it here? :-) Lotus Connections runs on WAS 6.1.0.13 and is thus vulnerable.

Check out the fix here.

Problem Description:
Customers who have Web based applications, including Web services applications running on WebSphere Application Server, have the risk of an attacker having the ability to display application specific files contained within the war file. In addition, there is a potential risk for customers who are using the WebSphere administrative console with administrative security disabled. Credit to Edward Schaller for disclosing this problem to IBM.

For V6.1.0.11 through 6.1.0.21:

  • Apply Interim Fix APAR PK81387
    –OR–
  • Apply Fix Pack 23 or later (6.1.0.23 targeted to be available late March 2009).