First published: Sat Jul 02 2016(Updated: )
The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Integration Bus | =9.0 | |
IBM Integration Bus | =9.0.0.1 | |
IBM Integration Bus | =9.0.0.2 | |
IBM Integration Bus | =9.0.0.3 | |
IBM Integration Bus | =9.0.0.4 | |
IBM Integration Bus | =9.0.0.5 | |
IBM Integration Bus | =10.0 | |
IBM Integration Bus | =10.0.0.1 | |
IBM Integration Bus | =10.0.0.2 | |
IBM Integration Bus | =10.0.0.3 | |
IBM Integration Bus | =10.0.0.4 | |
IBM WebSphere Message Broker | =8.0 | |
IBM WebSphere Message Broker | =8.0.0.1 | |
IBM WebSphere Message Broker | =8.0.0.2 | |
IBM WebSphere Message Broker | =8.0.0.3 | |
IBM WebSphere Message Broker | =8.0.0.4 | |
IBM WebSphere Message Broker | =8.0.0.5 | |
IBM WebSphere Message Broker | =8.0.0.6 | |
IBM WebSphere Message Broker | =8.0.0.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.