IBM WebSphere welcome page authentication bypass

websphere-welcome-auth-bypass (26312) The risk level is classified as Medium Risk

Description:

IBM WebSphere Application Server could allow a remote attacker to bypass welcome page authentication. If a remote attacker sends a URL request for the Web document root, the attacker can bypass authentication and gain direct access to the WebSphere welcome page.


Consequences:

Bypass Security

Remedy:

Upgrade to the latest version of IBM WebSphere Application Server (6.0.2.3 or later), available from the IBM Support & downloads Web page. See References.

References:

  • IBM Support & downloads: PK10057; 6.0.2: A possible security issue with web application's welcome pages.
  • BID-17900: IBM WebSphere Application Server Welcome Page Security Restriction Bypass Vulnerability
  • CVE-2006-2342: IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root.
  • OSVDB ID: 25368: IBM WebSphere Application Server Welcome Page Security Bypass
  • SA20025: IBM Websphere Application Server Welcome Page Security Bypass
  • VUPEN/ADV-2006-1724: IBM Websphere Application Server Welcome Page Security Bypass Vulnerability

Platforms Affected:

  • IBM WebSphere Application Server 6.0.2

Reported:

May 08, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
