IBM WebSphere Application Server Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com
WebSphere seems to get targeted quite a lot, or rather, does it just have a lot of holes?!?! It does get flagged pretty often.
Some vulnerabilities and a security issue have been reported in IBM WebSphere Application Server. One vulnerability has an unknown impact, the others can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions.
Security Advisory SA32296 - IBM WebSphere Application Server Multiple Vulnerabilities - Secunia
1) A vulnerability is caused due to an unspecified error when the "fileServing" feature is enabled.
This is related to:
SA31892
2) An error in the processing of HTTP requests can be exploited to cause an "0C4" abend in the controller via a specially crafted request containing an overly long HTTP "Host" header (more than 256 bytes), and may hang the server.
3) A security issue is caused due to Web services security not properly processing Certificate Revocation Lists (CRL). This can lead to revoked X509 certificates not being rejected by the system.
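A defensive pre-filter for item 2, added here as an example (not part of the advisory or any IBM code): it flags request heads whose "Host" header exceeds the 256 bytes quoted above. The function names and sample requests are constructed, and counting folded continuation lines toward the length is an assumption.

```python
HOST_LIMIT = 256  # bytes; the threshold quoted in item 2 above


def parse_headers(raw_head: bytes) -> list:
    """Return [name, value] pairs from a raw HTTP/1.x request head."""
    head = raw_head.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:  # [1:] skips the request line
        if line[:1] in (b" ", b"\t") and headers:
            # Folded continuation line: append to the previous header value
            # (assumption: the folded bytes count toward the Host length).
            headers[-1][1] += b" " + line.strip()
        elif b":" in line:
            name, _, value = line.partition(b":")
            headers.append([name.strip().lower(), value.strip()])
    return headers


def oversized_host_lengths(raw_head: bytes, limit: int = HOST_LIMIT) -> list:
    """Byte lengths of every Host value longer than `limit`."""
    return [len(v) for n, v in parse_headers(raw_head)
            if n == b"host" and len(v) > limit]


def build(header_lines: list) -> bytes:
    """Construct a sample request head from raw header lines."""
    return b"\r\n".join([b"GET / HTTP/1.1"] + header_lines
                        + [b"Accept: */*", b"", b""])


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": build([b"Host: app.example.test"]),
    "at_limit": build([b"Host: " + b"a" * 256]),
    "long": build([b"hOsT: " + b"a" * 300]),
    "folded": build([b"Host: " + b"a" * 200, b"\t" + b"b" * 100]),
    "duplicate": build([b"Host: app.example.test", b"Host: " + b"c" * 257]),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        hits = oversized_host_lengths(raw)
        print(label, "REJECT %s" % hits if hits else "ok")
```

Header names are matched case-insensitively and every "Host" line is measured, so a duplicate or mixed-case header cannot slip past the length check.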