Key vulnerability information

Vulnerability identifier:
- PM45322

Affected versions:
- IBM WebSphere Application Server for distributed operating systems, IBM i, and z/OS operating systems versions 6.1.0.0 through 6.1.0.39, 7.0.0.0 through 7.0.0.18, and 8.0.0.0.

Unaffected versions:
- IBM WebSphere Application Server versions prior to Version 6.1.

Problem description:
- If a customer has the administrative console deployed, an attacker can view restricted files on the server by accessing the console servlets over HTTP.

Solution:
- Distributed Operating Systems:
  - For V8.0.0.0: Apply Interim Fix APAR PM45322 or install Fix Pack 1 (or later).
  - For V7.0.0.0 - V7.0.0.17: Apply Fix Pack 11 or later, or if your environment is not at this level, apply Interim Fix APAR PM45322.
  - For V6.1.0.0 - V6.1.0.40: Apply Fix Pack 33 or later, or apply Interim Fix APAR PM45322.
- IBM i Operating Systems:
  - For V8.0.0.0: Apply Interim Fix APAR PM45322 or apply the WebSphere Application Server PTF group that includes the corresponding Fix Pack.
  - For V7.0.0.0 - V7.0.0.17 and V6.1.0.0 - V6.1.0.40: Similar instructions as above.
- z/OS Operating Systems:
  - For V8.0.0.0: Apply APAR PM45322 through appropriate PTFs.
  - For V7.0.0.0 - V7.0.0.18 and V6.1.0.0 - V6.1.0.39: Similar instructions as above.

Related documents and links:
- Additional information can be found in the "administration console directory traversal websphere-admin-console-dir-traversal (69473)" document.
- The "CVE-2011-1359" document also provides more information.

Change history:
- Changes on September 19 and 20, 2011, regarding additional information and changes in the "Problem Description."