IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in the IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty, versions 8.5 and 9.0. A specially crafted request sent to the Web Server Plug-ins can result in code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where the affected Web Server Plug-ins are used.

Remediation

Users are advised to apply the currently available Web Server Plug-ins interim fix or fix pack that contains the fix for APAR PH71342.

For Web Server Plug-ins for IBM WebSphere Application Server V9.0.0.0 through 9.0.5.27, upgrade to the required minimal fix pack level and then apply the Web Server Plug-ins Interim Fix for PH71342. Alternatively, apply Web Server Plug-ins Fix Pack 9.0.5.28 or later.

For V8.5.0.0 through 8.5.5.29, likewise upgrade to the required minimal fix pack level and then apply the Web Server Plug-ins Interim Fix for PH71342. Alternatively, apply Web Server Plug-ins Fix Pack 8.5.5.30 or later.
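A version triage for the ranges given above, as an added example that is not IBM tooling or part of the original advisory. It assumes you already have each install's four-part version string and the names of its applied interim fixes; the host names and iFix label in the sample inventory are constructed.

```python
import re

APAR = "PH71342"  # APAR named in the advisory

# Last affected level per release stream, from the advisory text.
LAST_AFFECTED = {
    (9, 0): (9, 0, 5, 27),  # Fix Pack 9.0.5.28 or later contains the fix
    (8, 5): (8, 5, 5, 29),  # Fix Pack 8.5.5.30 or later contains the fix
}

def parse_version(text):
    """Return (V, R, M, F) as ints, or None if the string is not four-part."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version, ifixes=()):
    """Classify one install. `ifixes` is assumed to hold the names of applied
    interim fixes, with the APAR number appearing in the name."""
    v = parse_version(version)
    if v is None:
        return "unknown-version"
    last = LAST_AFFECTED.get(v[:2])
    if last is None:
        return "not-covered-by-advisory"
    # Compare as integer tuples: as strings, "9.0.5.9" sorts after "9.0.5.28".
    if v > last:
        return "fixed-by-fix-pack"
    # The advisory requires a minimal fix pack level under the interim fix but
    # does not state it, so only the presence of the iFix is checked here.
    if any(APAR in name.upper() for name in ifixes):
        return "interim-fix-present"
    return "vulnerable"

def triage(inventory):
    """Map host -> classification for (host, version, ifixes) records."""
    return {host: classify(ver, fixes) for host, ver, fixes in inventory}

# Constructed sample inventory; hosts and the iFix label are made up.
SAMPLE = [
    ("web01", "9.0.5.9", []),
    ("web02", "9.0.5.28", []),
    ("web03", "8.5.5.29", ["ifix-PH71342"]),
    ("web04", "8.5.5.30", []),
    ("web05", "9.0.5", []),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Installs reported as `interim-fix-present` still need their fix pack level confirmed against the minimal level IBM requires for the interim fix.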

Added: May 26, 2026, 10:26 PM
Updated: May 26, 2026, 10:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.8
remediation: 0.0
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.