|
Family: CGI abuses --> Category: infos
IBM WebSphere Commerce Remote Information Disclosure Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for remote information disclosure vulnerability in IBM WebSphere Application Server
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by an information disclosure issue.
Description :
The remote host is running a version of IBM WebSphere Commerce that may
allow a possible hacker to conduct a brute-force attack against users who have
recently had their passwords invalidated in WebSphere Commerce and
uncover private information.
See also :
http://www-1.ibm.com/support/docview.wss?uid=swg21199839
Solution :
Apply WebSphere Commerce 5.6.0.2 fix pack or later. If you are running
WebSphere Commerce v5.5 contact IBM product support and request APAR
IY60949.
Risk Factor :
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|