Schweregrad:: Mittel
  CVE Kennungen:: CVE-2009-2747
  Hinweisdatum: 21 Juli 2015

  Beschreibung

The Java Naming and Directory Interface (JNDI) implementation in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 does not properly restrict access to UserRegistry object methods, which allows remote attackers to obtain sensitive information via a crafted method call.

  Trend Micro Lösungen

Apply associated Trend Micro DPI Rules.

  Lösungen

  Trend Micro Deep Security DPI Rule Number: 1000552
  Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention

  Betroffene Software und Version:

  • IBM WebSphere Application Server 6.1.x