Unspecified Credential Forgery Vulnerability in Multiple IBM Products

Published: 2004-06-02
Updated: 2004-06-07

Affected systems:
IBM Tivoli Access Manager for e-business 5.1
IBM Tivoli Access Manager for e-business 4.1
IBM Tivoli Access Manager for e-business 3.9
IBM Tivoli Access Manager Identity Manager Solution 5.1
IBM Tivoli Configuration Manager for ATM 2.1
IBM Tivoli Configuration Manager 4.2
IBM WebSphere Everyplace Server 2.15
IBM WebSphere Everyplace Server 2.14
IBM WebSphere Everyplace Server 2.1.3
IBM Tivoli SecureWay Policy Director 3.8
    - HP HP-UX 11.0
    - IBM AIX 4.3.3
    - Microsoft Windows NT 4.0 SP6a
    - Microsoft Windows NT 4.0 SP6
    - Microsoft Windows NT 4.0 SP5
    - Microsoft Windows NT 4.0 SP4
    - Microsoft Windows NT 4.0 SP3
    - Microsoft Windows NT 4.0 SP2
    - Microsoft Windows NT 4.0 SP1
    - Microsoft Windows NT 4.0
    - Microsoft Windows 2000 Professional SP3
    - Microsoft Windows 2000 Professional SP2
    - Microsoft Windows 2000 Professional SP1
    - Microsoft Windows 2000 Professional
    - Sun Solaris 8.0
    - Sun Solaris 7.0
Description:
BUGTRAQ  ID: 10449

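IBM has several product lines, such as IBM Tivoli and IBM WebSphere.

Multiple IBM products have a credential forgery issue. A remote attacker can exploit this vulnerability to access resources and data, or possibly to take control of applications.

According to current reports, the issue allows an attacker to gain unauthorized access to resources by using cookies or by impersonating other trusted users. No detailed information about the vulnerability is available at this time.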

<*Source: IBM
  
  Link: http://www-1.ibm.com/support/docview.wss?uid=swg21168762
*>

Recommendation:
Vendor patch:

IBM
---
The vendor has released upgrade patches to fix this security issue. Download them from the vendor's site:

IBM Tivoli Configuration Manager for ATM 2.1:

IBM Patch 3.8-PWS-0016
http://www-1.ibm.com/support/docview.wss?uid=swg24006478
WebSEAL.

IBM Tivoli SecureWay Policy Director 3.8:

IBM Patch 3.8-PWS-0016
http://www-1.ibm.com/support/docview.wss?uid=swg24006478

IBM Tivoli Access Manager for e-business 3.9:

IBM Patch 3.9-AWS-0007
http://www-1.ibm.com/support/docview.wss?uid=swg24006460

IBM Patch 3.9-WPI-0005
http://www-1.ibm.com/support/docview.wss?uid=swg24006535
Web Server Plug-in.

IBM Tivoli Access Manager for e-business 4.1:

IBM Patch 4.1-AWS-FP09
http://www-1.ibm.com/support/docview.wss?uid=swg24006273
WebSEAL.

IBM Patch 4.1-WPI-0007
http://www-1.ibm.com/support/docview.wss?uid=swg24006534
Web Server Plug-in.

IBM Tivoli Configuration Manager 4.2:

IBM Patch 3.8-PWS-0016
http://www-1.ibm.com/support/docview.wss?uid=swg24006478
WebSEAL.

IBM Tivoli Access Manager for e-business 5.1:

IBM Patch 5.1-AWS-0001
http://www-1.ibm.com/support/docview.wss?uid=swg24006477
WebSEAL.

IBM Patch 5.1-WPI-0001
http://www-1.ibm.com/support/docview.wss?uid=swg24006533
Web Server Plug-in.

IBM Tivoli Access Manager Identity Manager Solution 5.1:

IBM Patch 5.1-AWS-0001
http://www-1.ibm.com/support/docview.wss?uid=swg24006477
WebSEAL.

IBM Patch 5.1-WPI-0001
http://www-1.ibm.com/support/docview.wss?uid=swg24006533
Plug-In for Web Server.

Patches for WebSphere Everyplace Server can be obtained by contacting the vendor.

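This security vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.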