IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication SPI for Containers (JASPIC). This can happen when the Application Server is configured to permit access on non-secure (http) port and using JASPIC or JSR375 authentication.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105150 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1041558 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/148597 | VDB Entry Vendor Advisory |
https://www.ibm.com/support/docview.wss?uid=ibm10728689 | Patch Vendor Advisory |
Configurations
History
No history.
Information
Published : 2018-08-24 10:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-1755
Mitre link : CVE-2018-1755
CVE.ORG link : CVE-2018-1755
JSON object : View
Products Affected
ibm
- websphere_application_server
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor