IBM WebSphere Application Server (WAS) is prone to an information- disclosure vulnerability. A local authenticated attacker can exploit this issue to gain access to sensitive information this may aid in further attacks. Versions prior to WAS 126.96.36.199 and 188.8.131.52 are vulnerable.
Updates are available. Please see the references for details.
- Bugzilla 'Install/Filesystem.pm' Information Disclosure Vulnerability
- Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
- Joostina 'index.php' Cross Site Scripting Vulnerability
- Bitweaver Multiple Cross-Site Scripting Vulnerabilities
- LDAP Account Manager 'selfserviceSaveOk' Parameter Cross Site Scripting Vulnerability