---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA29335 VERIFY ADVISORY: http://secunia.com/advisories/29335/ CRITICAL: Moderately critical IMPACT: Unknown, Exposure of sensitive information WHERE: >From remote SOFTWARE: IBM WebSphere Application Server 6.1.x http://secunia.com/product/11363/ DESCRIPTION: Some vulnerabilities and security issues have been reported in IBM WebSphere Application Server, some of which have unknown impacts while others can potentially be exploited by malicious, local users to gain knowledge of sensitive information. 1) An unspecified error exists in wsadmin within the Administrative Scripting Tools component. No further information is currently available. 2) An unspecified error exists within the PropFilePasswordEncoder utility. No further information is currently available. 3) The problem is that certain sensitive information are stored in clear text within the http_plugin.log file (Plug-in component) and startserver.log (System Management/Repository component). SOLUTION: Apply Fix Pack 15 (6.1.0.15). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PK45726, PK48785, PK52709, PK53198): http://www-1.ibm.com/support/docview.wss?uid=swg27007951 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------