First published: Sat Oct 01 2016(Updated: )
IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3 mishandles responses, which allows remote attackers to obtain sensitive information via unspecified vectors.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM WebSphere Application Server with Web Server Plug-ins | =7.0 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.0 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.1 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.2 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.3 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.4 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.5 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.6 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.7 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.8 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.9 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.10 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.11 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.12 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.13 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.14 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.15 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.16 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.17 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.18 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.19 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.21 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.22 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.23 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.24 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.25 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.27 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.28 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.29 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.31 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.32 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.33 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.34 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.35 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.36 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.37 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.38 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.39 | |
IBM WebSphere Application Server with Web Server Plug-ins | =7.0.0.41 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.0 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.1 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.2 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.3 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.4 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.5 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.6 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.7 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.8 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.9 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.10 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.11 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.0.0.12 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.0.0 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.0.0 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.0.1 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.0.2 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.0 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.1 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.2 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.4 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.5 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.6 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.7 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.8 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.9 | |
IBM WebSphere Application Server with Web Server Plug-ins | =9.0.0.0 | |
IBM WebSphere Application Server with Web Server Plug-ins | =8.5.5.10 | |
IBM WebSphere Application Server with Web Server Plug-ins | =9.0.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-5986 is classified as a medium severity vulnerability due to its potential to expose sensitive information to remote attackers.
To fix CVE-2016-5986, upgrade your IBM WebSphere Application Server to the latest version that addresses this vulnerability.
CVE-2016-5986 affects IBM WebSphere Application Server versions earlier than 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5.5.11, 9.0.x before 9.0.0.2, and Liberty before 16.0.0.3.
CVE-2016-5986 is a response mishandling vulnerability that allows remote attackers to obtain sensitive information.
The impact of CVE-2016-5986 depends on the specific configurations and deployment of your IBM WebSphere Application Server; a security assessment would be recommended.