漏洞信息详情
IBM多个产品未明信任书伪造漏洞
- CNNVD编号:CNNVD-200412-455
- 危害等级: 高危
![图片[1]-IBM多个产品未明信任书伪造漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-17/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2004-2558
- 漏洞类型:
未知
- 发布时间:
2004-06-02
- 威胁类型:
远程
- 更新时间:
2006-01-24
- 厂 商:
ibm - 漏洞来源:
IBM -
漏洞简介
IBM包含多系列产品,如IBM Tivoli,IBM WebSphere等。
IBM多个产品存在信任书伪造问题,远程攻击者可以利用这个漏洞访问资源和数据或可能控制应用程序。
目前报告此问题可以使攻击者利用COOKIE或伪造其他信任用户未授权访问资源,目前没有详细漏洞细节提供。
漏洞公告
厂商补丁:
IBM
—
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
IBM Tivoli Configuration Manager for ATM 2.1:
IBM Patch 3.8-PWS-0016
http://www-1.ibm.com/support/docview.wss?uid=swg24006478” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006478
WebSEAL.
IBM Tivoli SecureWay Policy Director 3.8:
IBM Patch 3.8-PWS-0016
http://www-1.ibm.com/support/docview.wss?uid=swg24006478” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006478
IBM Tivoli Access Manager for e-business 3.9:
IBM Patch 3.9-AWS-0007
http://www-1.ibm.com/support/docview.wss?uid=swg24006460” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006460
IBM Patch 3.9-WPI-0005
http://www-1.ibm.com/support/docview.wss?uid=swg24006535” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006535
Web Server Plug-in.
IBM Tivoli Access Manager for e-business 4.1:
IBM Patch 4.1-AWS-FP09
http://www-1.ibm.com/support/docview.wss?uid=swg24006273” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006273
WebSEAL.
IBM Patch 4.1-WPI-0007
http://www-1.ibm.com/support/docview.wss?uid=swg24006534” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006534
Web Server Plug-in.
IBM Tivoli Configuration Manager 4.2:
IBM Patch 3.8-PWS-0016
http://www-1.ibm.com/support/docview.wss?uid=swg24006478” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006478
WebSEAL.
IBM Tivoli Access Manager for e-business 5.1:
IBM Patch 5.1-AWS-0001
http://www-1.ibm.com/support/docview.wss?uid=swg24006477” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006477
WebSEAL.
IBM Patch 5.1-WPI-0001
http://www-1.ibm.com/support/docview.wss?uid=swg24006533” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006533
Web Server Plug-in.
IBM Tivoli Access Manager Identity Manager Solution 5.1:
IBM Patch 5.1-AWS-0001
http://www-1.ibm.com/support/docview.wss?uid=swg24006477” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006477
WebSEAL.
IBM Patch 5.1-WPI-0001
http://www-1.ibm.com/support/docview.wss?uid=swg24006533” target=”_blank”>
http://www-1.ibm.com/support/docview.wss?uid=swg24006533
Plug-In for Web Server.
WebSphere Everyplace Server补丁可联系供应商获得。
参考网址
来源: BID
名称: 10449
链接:http://www.securityfocus.com/bid/10449
来源: www-1.ibm.com
链接:http://www-1.ibm.com/support/docview.wss?uid=swg21168762
来源: XF
名称: ibm-cookie-session-hijack(16315)
链接:http://xforce.iss.net/xforce/xfdb/16315
来源: SECUNIA
名称: 11761
链接:http://secunia.com/advisories/11761
来源:NSFOCUS
名称:6521
链接:http://www.nsfocus.net/vulndb/6521
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
