CVE-2012-3304
First published: Tue Sep 25 2012(Updated: )
The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Application Server | =6.1.0 | |
| IBM WebSphere Application Server | =6.1.0.0 | |
| IBM WebSphere Application Server | =6.1.0.1 | |
| IBM WebSphere Application Server | =6.1.0.2 | |
| IBM WebSphere Application Server | =6.1.0.3 | |
| IBM WebSphere Application Server | =6.1.0.4 | |
| IBM WebSphere Application Server | =6.1.0.5 | |
| IBM WebSphere Application Server | =6.1.0.7 | |
| IBM WebSphere Application Server | =6.1.0.9 | |
| IBM WebSphere Application Server | =6.1.0.11 | |
| IBM WebSphere Application Server | =6.1.0.12 | |
| IBM WebSphere Application Server | =6.1.0.15 | |
| IBM WebSphere Application Server | =6.1.0.17 | |
| IBM WebSphere Application Server | =6.1.0.19 | |
| IBM WebSphere Application Server | =6.1.0.21 | |
| IBM WebSphere Application Server | =6.1.0.23 | |
| IBM WebSphere Application Server | =6.1.0.25 | |
| IBM WebSphere Application Server | =6.1.0.27 | |
| IBM WebSphere Application Server | =6.1.0.29 | |
| IBM WebSphere Application Server | =6.1.0.31 | |
| IBM WebSphere Application Server | =6.1.0.33 | |
| IBM WebSphere Application Server | =6.1.0.35 | |
| IBM WebSphere Application Server | =6.1.0.37 | |
| IBM WebSphere Application Server | =6.1.0.39 | |
| IBM WebSphere Application Server | =6.1.0.41 | |
| IBM WebSphere Application Server | =6.1.0.43 | |
| IBM WebSphere Application Server | =7.0.0.1 | |
| IBM WebSphere Application Server | =7.0.0.2 | |
| IBM WebSphere Application Server | =7.0.0.3 | |
| IBM WebSphere Application Server | =7.0.0.4 | |
| IBM WebSphere Application Server | =7.0.0.5 | |
| IBM WebSphere Application Server | =7.0.0.6 | |
| IBM WebSphere Application Server | =7.0.0.7 | |
| IBM WebSphere Application Server | =7.0.0.8 | |
| IBM WebSphere Application Server | =7.0.0.9 | |
| IBM WebSphere Application Server | =7.0.0.10 | |
| IBM WebSphere Application Server | =7.0.0.11 | |
| IBM WebSphere Application Server | =7.0.0.13 | |
| IBM WebSphere Application Server | =7.0.0.14 | |
| IBM WebSphere Application Server | =7.0.0.15 | |
| IBM WebSphere Application Server | =7.0.0.16 | |
| IBM WebSphere Application Server | =7.0.0.17 | |
| IBM WebSphere Application Server | =7.0.0.19 | |
| IBM WebSphere Application Server | =7.0.0.21 | |
| IBM WebSphere Application Server | =7.0.0.23 | |
| IBM WebSphere Application Server | =8.0.0.0 | |
| IBM WebSphere Application Server | =8.0.0.1 | |
| IBM WebSphere Application Server | =8.0.0.2 | |
| IBM WebSphere Application Server | =8.0.0.3 | |
| IBM WebSphere Application Server | =8.0.0.4 | |
| IBM WebSphere Application Server | =8.5.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-3304?
CVE-2012-3304 is classified as a medium severity vulnerability due to its potential for session hijacking.
How do I fix CVE-2012-3304?
To mitigate CVE-2012-3304, update your IBM WebSphere Application Server to the latest version that addresses this vulnerability.
What versions of IBM WebSphere Application Server are affected by CVE-2012-3304?
CVE-2012-3304 affects IBM WebSphere Application Server versions 6.1, 7.0, 8.0, and 8.5 prior to specific fix levels.
What types of attacks can exploit CVE-2012-3304?
CVE-2012-3304 can be exploited by remote attackers to hijack user sessions using unspecified vectors.
Is there a workaround for CVE-2012-3304?
While updating is the best solution, it may be advisable to limit remote access to the Administrative Console as a temporary measure.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm websphere application server
- version/ibm websphere application server/6.1.0
- version/ibm websphere application server/6.1.0.0
- version/ibm websphere application server/6.1.0.1
- version/ibm websphere application server/6.1.0.2
- version/ibm websphere application server/6.1.0.3
- version/ibm websphere application server/6.1.0.4
- version/ibm websphere application server/6.1.0.5
- version/ibm websphere application server/6.1.0.7
- version/ibm websphere application server/6.1.0.9
- version/ibm websphere application server/6.1.0.11
- version/ibm websphere application server/6.1.0.12
- version/ibm websphere application server/6.1.0.15
- version/ibm websphere application server/6.1.0.17
- version/ibm websphere application server/6.1.0.19
- version/ibm websphere application server/6.1.0.21
- version/ibm websphere application server/6.1.0.23
- version/ibm websphere application server/6.1.0.25
- version/ibm websphere application server/6.1.0.27
- version/ibm websphere application server/6.1.0.29
- version/ibm websphere application server/6.1.0.31
- version/ibm websphere application server/6.1.0.33
- version/ibm websphere application server/6.1.0.35
- version/ibm websphere application server/6.1.0.37
- version/ibm websphere application server/6.1.0.39
- version/ibm websphere application server/6.1.0.41
- version/ibm websphere application server/6.1.0.43
- version/ibm websphere application server/7.0.0.1
- version/ibm websphere application server/7.0.0.2
- version/ibm websphere application server/7.0.0.3
- version/ibm websphere application server/7.0.0.4
- version/ibm websphere application server/7.0.0.5
- version/ibm websphere application server/7.0.0.6
- version/ibm websphere application server/7.0.0.7
- version/ibm websphere application server/7.0.0.8
- version/ibm websphere application server/7.0.0.9
- version/ibm websphere application server/7.0.0.10
- version/ibm websphere application server/7.0.0.11
- version/ibm websphere application server/7.0.0.13
- version/ibm websphere application server/7.0.0.14
- version/ibm websphere application server/7.0.0.15
- version/ibm websphere application server/7.0.0.16
- version/ibm websphere application server/7.0.0.17
- version/ibm websphere application server/7.0.0.19
- version/ibm websphere application server/7.0.0.21
- version/ibm websphere application server/7.0.0.23
- version/ibm websphere application server/8.0.0.0
- version/ibm websphere application server/8.0.0.1
- version/ibm websphere application server/8.0.0.2
- version/ibm websphere application server/8.0.0.3
- version/ibm websphere application server/8.0.0.4
- version/ibm websphere application server/8.5.0.0