NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2001-11

From: Thomas Reinke (reinkee-softinc.com)
Date: Wed Nov 21 2001 - 15:49:42 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

According to a source from IBM,

1. It is the WebSphere version 3.5.4 of the File Serving Servlet
that is vulnerable, not the web server.

2. A fix is to be available in fixpack 5 due at end of November.

Thomas

> I can confirm that a server reporting 'IBM-HTTP-Server/1.0' _IS_ vulrable
> to this. I do not know if updates increment that number or not...

------------------------------------------------------------
Thomas Reinke Tel: (905) 331-2260
Director of Technology Fax: (905) 331-2504
E-Soft Inc. http://www.e-softinc.com
Publishers of SecuritySpace http://www.securityspace.com

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]