IBM HTTP Server "httpOnly" Cookie Disclosure and Scoreboard Security Bypass
Release Date : 2012-03-19
Criticality level : Less critical
Impact : Security Bypass, Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch
Software: IBM HTTP Server 7.0.x, IBM HTTP Server 8.0.x
IBM has acknowledged a weakness and a vulnerability in IBM HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
The weakness and the vulnerability are reported in versions 7.0 and 8.0.
Apply APAR PM55760 and PM56128. A fix is scheduled for versions 126.96.36.199 and 188.8.131.52.
IBM (PM55760, PM56128):