Information Disclosure Vulnerability in IBM WebSphere Application Server and Virtual Enterprise
CVE-2015-1932

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Virtual Enterprise
Vendor: CVE Published:; 22 August 2015

What is CVE-2015-1932?

IBM WebSphere Application Server and WebSphere Virtual Enterprise are susceptible to a vulnerability that allows remote attackers to retrieve potentially sensitive information. This is achieved by exploiting the HTTP Via header, which may reveal details about the proxy-server software configured in the application. Users of affected versions are strongly urged to update to the latest releases to mitigate the risk of exposing critical information to malicious actors.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21963275

x_refsource_CONFIRM

http://www.securitytracker.com/id/1033325

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/76466

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2015
Vulnerability Reserved
Feb 19, 2015