Bugtraq mailing list archives
Re: IBM AS/400 HTTP Server '/' attack
From: Thomas Reinke <reinke () e-softinc com>
Date: Wed, 21 Nov 2001 16:49:42 -0500
According to a source from IBM, 1. It is the WebSphere version 3.5.4 of the File Serving Servlet that is vulnerable, not the web server. 2. A fix is to be available in fixpack 5 due at end of November. Thomas
I can confirm that a server reporting 'IBM-HTTP-Server/1.0' _IS_ vulrable to this. I do not know if updates increment that number or not...
------------------------------------------------------------ Thomas Reinke Tel: (905) 331-2260 Director of Technology Fax: (905) 331-2504 E-Soft Inc. http://www.e-softinc.com Publishers of SecuritySpace http://www.securityspace.com
Current thread:
- IBM AS/400 HTTP Server '/' attack 'ken'@FTU (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Felix Huber (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Joe Laffey (Nov 08)
- <Possible follow-ups>
- RE: IBM AS/400 HTTP Server '/' attack Chris Best (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Thomas Reinke (Nov 21)
- Re: IBM AS/400 HTTP Server '/' attack Thor (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Mike Turk (Nov 13)