[virusinfo] Information disclosed in IBM WebSphere - 03/16/05

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Thu, 17 Mar 2005 10:22:16 -0800

From; Oxygen3:

"All men are alike in their words; only their actions
            show the difference that exists between them." 
     Jean-Baptiste Poquelin Moliere (1622-1673); French playwright.

               - Information disclosed in IBM WebSphere -
 Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 16, 2005 - IBM has reported, at
http://www-1.ibm.com/support/docview.wss?uid=swg21199839, a
vulnerability in WebSphere Commerce, which could allow a remote attacker
to obtain confidential information.

Under certain circumstances, the cache entry for a product or category
display page can become linked to a form showing private information.

This flaw is confirmed in WebSphere Commerce versions 5.5, 5.6 and
5.6.0.1. The company recommends applying WebSphere Commerce fix pack
5.6.0.2 or later, which is available at:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21173312. For
systems with WebSphere Commerce 5.5, IBM offers the update APAR IY60949.

NOTE: The addresses above may not show up on your screen as single
lines. This would prevent you from using the links to access the web
pages. If this happens, just use the 'cut' and 'paste' options to join
the pieces of the URL.
------------------------------------------------------------

The 5 viruses most frequently detected by Panda ActiveScan, Panda
Software's free online scanner: 1)Netsky.P; 2)Mhtredir.gen;
3)Downloader.GK; 4)Sdbot.ftp; 5)Shinwow.E.

------------------------------------------------------------
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Information disclosed in IBM WebSphere - 03/16/05

1. Home
2. virusinfo
3. Archive
4. 03-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---