The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Websphere_application_server | Ibm | 6.1.0.1 (including) | 6.1.0.1 (including) |
| Websphere_application_server | Ibm | 6.1.0.2 (including) | 6.1.0.2 (including) |
| Websphere_application_server | Ibm | 6.1.0.3 (including) | 6.1.0.3 (including) |
| Websphere_application_server | Ibm | 6.1.0.5 (including) | 6.1.0.5 (including) |
| Websphere_application_server | Ibm | 6.1.0.7 (including) | 6.1.0.7 (including) |
| Websphere_application_server | Ibm | 6.1.0.9 (including) | 6.1.0.9 (including) |
| Websphere_application_server | Ibm | 6.1.0.11 (including) | 6.1.0.11 (including) |
| Websphere_application_server | Ibm | 6.1.0.13 (including) | 6.1.0.13 (including) |
| Websphere_application_server | Ibm | 6.1.0.15 (including) | 6.1.0.15 (including) |
| Websphere_application_server | Ibm | 6.1.0.17 (including) | 6.1.0.17 (including) |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK59108
- http://www.securityfocus.com/bid/33700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48522
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK59108
- http://www.securityfocus.com/bid/33700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48522