PROBLEM:
IBM WebSphere Application Server for z/OS Arbitrary Command Execution Vulnerability
PLATFORM:
IBM HTTP Server for z/OS Version 5.3
ABSTRACT:
A vulnerability was reported in the IBM HTTP Server 5.3 component of IBM WebSphere Application Server (WAS) for z/OS.
REFERENCE LINKS:
Security vulnerability Reference #:1620945
X-Force: 80684
Secunia Advisory SA51656
CVE-2012-5955
IMPACT ASSESSMENT:
High
DISCUSSION:
A vulnerability has been reported in IBM WebSphere Application Server for z/OS, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by an unspecified error within the HTTP Server and can be exploited to execute arbitrary commands.
IMPACT:
IBM HTTP Server for z/OS Version 5.3 could allow a remote attacker to execute arbitrary commands on the system.
SOLUTION:
Apply PTF UK90469 or later, which includes APAR PM79239, through normal customer ordering channels.