Remote Code Execution Vulnerability in IBM Integration Bus and WebSphere Message Broker
CVE-2016-2961

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Integration Bus
Vendor: CVE Published:; 2 July 2016

Summary

A vulnerability in the integration server components of IBM Integration Bus and WebSphere Message Broker could allow remote attackers to glean sensitive Tomcat version information. This occurs when a poorly structured POST request is sent to the server, permitting unauthorized access to the Java stack trace data. Proper mitigation measures should be enforced to prevent exploitation and to protect sensitive system information.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21985017

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1IT15188

vendor-advisoryx_refsource_AIXAPAR

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2016
Vulnerability Reserved
Mar 9, 2016