[23220] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: IBM AS/400 HTTP Server '/' attack

daemon@ATHENA.MIT.EDU (Thomas Reinke)
Wed Nov 21 20:59:16 2001

Message-ID: <3BFC2176.51B46502@e-softinc.com>
Date: Wed, 21 Nov 2001 16:49:42 -0500
From: Thomas Reinke <reinke@e-softinc.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

According to a source from IBM,

   1. It is the WebSphere version 3.5.4 of the File Serving Servlet 
      that is vulnerable, not the web server.

   2. A fix is to be available in fixpack 5 due at end of November.

Thomas


> I can confirm that a server reporting 'IBM-HTTP-Server/1.0' _IS_ vulrable
> to this. I do not know if updates increment that number or not...
 
------------------------------------------------------------
Thomas Reinke                            Tel: (905) 331-2260
Director of Technology                   Fax: (905) 331-2504
E-Soft Inc.                         http://www.e-softinc.com
Publishers of SecuritySpace     http://www.securityspace.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[23220] in bugtraq

Re: IBM AS/400 HTTP Server '/' attack

daemon@ATHENA.MIT.EDU (Thomas Reinke)Wed Nov 21 20:59:16 2001

daemon@ATHENA.MIT.EDU (Thomas Reinke)
Wed Nov 21 20:59:16 2001