V-054: IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability

December 25, 2012 - 12:08am

PROBLEM:

IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability

PLATFORM:

IBM HTTP Server for z/OS Version 5.3

ABSTRACT:

A vulnerability was reported in the IBM HTTP Server component 5.3 in IBM WebSphere Application Server (WAS) for z/OS.

REFERENCE LINKS:

Security vulnerability Reference #: 1620945  
Xforce: 80684
Secunia Advisory SA51656 
CVE-2012-5955

IMPACT ASSESSMENT:

High

DISCUSSION:

A vulnerability has been reported in IBM WebSphere Application Server for z/OS, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by an unspecified error within the HTTP Server and can be exploited to execute arbitrary commands.

IMPACT:

IBM HTTP Server for z/OS Version 5.3 could allow a remote attacker to execute arbitrary commands on the system.

SOLUTION:

Apply PTF UK90469 or later, which includes APAR PM79239, through normal customer ordering channels.
