漏洞信息详情
IBM WebSphere Application Server安全漏洞
- CNNVD编号:CNNVD-200907-205 <!--
- 危害等级: 中危-->
- 危害等级: 中危
- CVE编号: CVE-2009-0217
- 漏洞类型: 其他
- 发布时间: 2009-07-14
- 威胁类型: 远程
- 更新时间: 2021-07-14
- 厂 商: ibm
- 漏洞来源: Esteban Martinez F...
-
漏洞简介
IBM WebSphere Application Server(WAS)是美国IBM公司的一款应用服务器产品。该产品是JavaEE和Web服务应用程序的平台,也是IBMWebSphere软件平台的基础。
多款产品中存在安全漏洞。攻击者可利用该漏洞伪造基于HMAC的签名并绕过身份验证。以下产品及版本受到影响:Oracle Security Developer Tools(BEA Product Suite 10.3版本,10.0 MP1版本,9.2 MP3版本,9.1版本,9.0版本,8.1 SP6版本);WebLogic Server(BEA Product Suite 10.3版本,10.0 MP1版本,9.2 MP3版本,9.1版本,9.0版本,8.1 SP6版本);Mono 2.4.2.2之前版本;XML Security Library 1.2.12之前版本;IBM WebSphere Application Server 6.0至6.0.2.33版本,6.1至6.1.0.23版本,7.0至7.0.0.1版本;Sun JDK和JRE Update 14版本;Microsoft .NET Framework 3.0至3.0 SP2,3.5和4.0版本。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu icedtea6-plugin_6b12-0ubuntu6.5_powerpc.deb
http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ub untu6.5_powerpc.deb
Ubuntu libmono-accessibility1.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-accessibili ty1.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-accessibility2.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-accessibili ty2.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-bytefx0.7.6.1-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-bytefx0 .7.6.1-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-bytefx0.7.6.2-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-bytefx0 .7.6.2-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-c5-1.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-c5-1.0- cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-cairo1.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-cairo1.0-ci l_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-cairo2.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-cairo2.0-ci l_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-corlib1.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-corlib1.0-c il_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-corlib2.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-corlib2.0-c il_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-corlib2.1-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-corlib2 .1-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-cscompmgd7.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-cscompm gd7.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-cscompmgd8.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-cscompm gd8.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-data-tds1.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-data-tds1.0 -cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-data-tds2.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-data-tds2.0 -cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-db2-1.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-db2-1.0 -cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-dev_1.9.1+dfsg-4ubuntu2.1_powerpc.deb
http://ports.ubuntu.com/pool/main/m/mono/libmono-dev_1.9.1+dfsg-4ubunt u2.1_powerpc.deb
Ubuntu libmono-firebirdsql1.7-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-firebir dsql1.7-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-i18n1.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-i18n1.0-cil _1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-i18n2.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/m/mono/libmono-i18n2.0-cil _1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-ldap1.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-ldap1.0 -cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-ldap2.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-ldap2.0 -cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-microsoft-build2.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-microso ft-build2.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
Ubuntu libmono-microsoft7.0-cil_1.9.1+dfsg-4ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/universe/m/mono/libmono-microso ft7.0-cil_1.9.1+dfsg-4ubuntu2.1_all.de
参考网址
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-identified-in-ibm-storediq/
受影响实体
- Ibm Websphere_application_server:7.0.0.1<!--2000-1-1-->
- Ibm Websphere_application_server:7.0<!--2000-1-1-->
- Ibm Websphere_application_server:6.1.0.9<!--2000-1-1-->
- Ibm Websphere_application_server:6.1.0.8<!--2000-1-1-->
- Ibm Websphere_application_server:6.1.0.7<!--2000-1-1-->
补丁
- Microsoft .NET Framework 3.5, Windows Vista Service Pack 1, and Windows Server 2008 Security Update<!--2010-6-1-->
- Microsoft .NET Framework 3.5.1 Security Update for Windows 7 and Windows Server 2008 R2<!--2010-6-1-->
- .NET Framework 1.1 Service Pack 1 CLR Security Update for Windows 2000, Windows XP, Windows 2003 Server x64/IA64 and Windows 2003 Server R2 x64/IA64, Windows Vista, Windows Server 2008<!--2010-6-1-->
- .NET Framework 1.1 Service Pack 1 CLR Security Update for Windows 2000, Windows XP, Windows 2003 Server x64/IA64 and Windows 2003 Server R2 x64/IA64, Windows Vista, Windows Server 2008<!--2010-6-1-->
- Microsoft .NET Framework 3.5 Security Update for Windows Server 2003 and Windows XP<!--2010-6-1-->
还没有评论,来说两句吧...