FW: IBM AS/400 HTTP Server '/' attack -- SECURITY400

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

Subject: [Security400] FW: IBM AS/400 HTTP Server '/' attack
From: "Hall, Philip" <phall@xxxxxxxx>
Date: Mon, 26 Nov 2001 09:47:54 -0600
List-Archive: <http://archive.midrange.com/security400/>
List-Help: <mailto:security400-request@midrange.com?subject=help>
List-Id: Security Administration on the AS400 / iSeries <security400.midrange.com>
List-Post: <mailto:security400@midrange.com>
List-Subscribe: <http://lists.midrange.com/cgi-bin/listinfo/security400>,<mailto:security400-request@midrange.com?subject=subscribe>
List-Unsubscribe: <http://lists.midrange.com/cgi-bin/listinfo/security400>,<mailto:security400-request@midrange.com?subject=unsubscribe>

Again, FYI:

> -----Original Message-----
> From: Thomas Reinke [mailto:reinke@e-softinc.com]
> Sent: Wednesday, November 21, 2001 3:50 PM
> To: bugtraq
> Subject: Re: IBM AS/400 HTTP Server '/' attack
>
>
> According to a source from IBM,
>
>    1. It is the WebSphere version 3.5.4 of the File Serving Servlet
>       that is vulnerable, not the web server.
>
>    2. A fix is to be available in fixpack 5 due at end of November.
>
> Thomas
>

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.