Schweregrad: : Medium
  Identificador(es) CVE: : CVE-2009-2747
  Data do informe: 21 julho 2015

  Descrição

The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.

  Exposição das informações

Apply associated Trend Micro DPI Rules.

  Solução

  Trend Micro Deep Security DPI Rule Number: 1000552
  Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention

  Software infectado e versão:

  • IBM WebSphere Application Server 6.1.x