IBM WebSphere Application Server serveServletsByClassnameEnabled unspecified

websphere-serveservlets-unspecified (39808) The risk level is classified as MediumMedium Risk

Description:

An unspecified vulnerability in IBM WebSphere Application Server related to serveServletsByClassnameEnabled has an unknown impact and remote attack vector.

Platforms Affected:

  • HP, HP-UX 11
  • IBM, i5OS
  • IBM, OS 400 V5R2M0
  • IBM, WebSphere Application Server 5.1.0
  • IBM, WebSphere Application Server 5.1.1
  • IBM, WebSphere Application Server 5.1.1.10
  • IBM, WebSphere Application Server 5.1.1.11
  • IBM, WebSphere Application Server 5.1.1.12
  • IBM, WebSphere Application Server 5.1.1.13
  • IBM, WebSphere Application Server 5.1.1.14
  • IBM, WebSphere Application Server 5.1.1.15
  • IBM, WebSphere Application Server 5.1.1.16
  • IBM, WebSphere Application Server 5.1.1.17
  • IBM, WebSphere Application Server 5.1.1.18
  • IBM, WebSphere Application Server 5.1.1.2
  • IBM, WebSphere Application Server 5.1.1.3
  • IBM, WebSphere Application Server 5.1.1.4
  • IBM, WebSphere Application Server 5.1.1.5
  • IBM, WebSphere Application Server 5.1.1.6
  • IBM, WebSphere Application Server 5.1.1.7
  • IBM, WebSphere Application Server 5.1.1.8
  • IBM, WebSphere Application Server 5.1.1.9
  • IBM, WebSphere Application Server 6.0
  • IBM, WebSphere Application Server 6.0.0.2
  • IBM, WebSphere Application Server 6.0.0.3
  • IBM, WebSphere Application Server 6.0.1
  • IBM, WebSphere Application Server 6.0.1.1
  • IBM, WebSphere Application Server 6.0.1.2
  • IBM, WebSphere Application Server 6.0.2
  • IBM, WebSphere Application Server 6.0.2.1
  • IBM, WebSphere Application Server 6.0.2.11
  • IBM, WebSphere Application Server 6.0.2.13
  • IBM, WebSphere Application Server 6.0.2.15
  • IBM, WebSphere Application Server 6.0.2.17
  • IBM, WebSphere Application Server 6.0.2.19
  • IBM, WebSphere Application Server 6.0.2.2
  • IBM, WebSphere Application Server 6.0.2.21
  • IBM, WebSphere Application Server 6.0.2.23
  • IBM, WebSphere Application Server 6.0.2.25
  • IBM, WebSphere Application Server 6.0.2.3
  • IBM, WebSphere Application Server 6.0.2.4
  • IBM, WebSphere Application Server 6.0.2.5
  • IBM, WebSphere Application Server 6.0.2.6
  • IBM, WebSphere Application Server 6.0.2.7
  • IBM, WebSphere Application Server 6.0.2.8
  • IBM, WebSphere Application Server 6.0.2.9
  • IBM, WebSphere Application Server 6.1
  • IBM, WebSphere Application Server 6.1.0.1
  • IBM, WebSphere Application Server 6.1.0.11
  • IBM, WebSphere Application Server 6.1.0.13
  • IBM, WebSphere Application Server 6.1.0.15
  • IBM, WebSphere Application Server 6.1.0.2
  • IBM, WebSphere Application Server 6.1.0.3
  • IBM, WebSphere Application Server 6.1.0.5
  • IBM, WebSphere Application Server 6.1.0.7
  • IBM, WebSphere Application Server 6.1.0.9
  • RedHat, Enterprise Linux 3 WS
  • RedHat, Enterprise Linux 3 AS
  • RedHat, Enterprise Linux 4 WS
  • RedHat, Enterprise Linux 4 ES
  • RedHat, Enterprise Linux 4 AS
  • RedHat, Enterprise Linux 5 Server
  • Sun, Solaris 10
  • Sun, Solaris 8

Remedy:

For IBM WebSphere Application Server 6.x:
Refer to IBM APAR PK52059 for patch, upgrade, or suggested workaround information. See References.

For IBM WebSphere Application Server 5.x:
Apply the latest WebSphere Application Server Cumulative Fix Pack (5.1.1.18 or later), available from the IBM Support & downloads Web site. See References.

Consequences:

Other

References:

  • IBM APAR PK52059, Potential security exposure with serveservletsbyclassnameenabled at http://www-1.ibm.com/support/docview.wss?uid=swg24018067.
  • IBM Support & downloads, Fix list for WebSphere Application Server Version 5.1.1 at http://www-1.ibm.com/support/docview.wss?uid=swg27006879.
  • BID-27371: IBM WebSphere Application Server serveServletsByClassnameEnabled Info Disclosure Vulnerability
  • CVE-2008-0389: Unspecified vulnerability in the serveServletsByClassnameEnabled feature in IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.25, 6.1 through 6.1.0.14, and 5.1.1.x before 5.1.1.18 has unknown impact and attack vectors.
  • SA28576: IBM WebSphere Application Server serveServletsByClassnameEnabled Vulnerability
  • SA29687: IBM WebSphere Application Server serveServletsByClassnameEnabled Information Disclosure
  • SECTRACK ID: 1019251: IBM WebSphere Bug in serveServletsByClassnameEnabled Feature Has Unspecified Impact
  • SECTRACK ID: 1019894: IBM WebSphere Unspecified Flaw in Servlet Engine Has Unspecified Impact
  • VUPEN/ADV-2008-0219: IBM WebSphere Application Server Unspecified Security Exposure Issue
  • VUPEN/ADV-2008-1133: IBM WebSphere Application Server Security Exposure Vulnerability

Reported:

Jan 17, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page