Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:WEBSPHERE:WASPOSTPARAM-JD |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
IBM WebSphere WASPostParam cookie Untrusted Java Deserialization |
Release Date |
2016/11/10 |
Update Number |
2803 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: IBM WebSphere WASPostParam cookie Untrusted Java Deserialization
This signature detects attempts to exploit a known vulnerability against IBM WebSphere. Successful exploitation could cause a denial of service and potentially execute arbitrary code on the affected system.
Extended Description
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
Affected Products
- Ibm websphere_application_server 7.0
- Ibm websphere_application_server 7.0.0.0
- Ibm websphere_application_server 7.0.0.1
- Ibm websphere_application_server 7.0.0.10
- Ibm websphere_application_server 7.0.0.11
- Ibm websphere_application_server 7.0.0.12
- Ibm websphere_application_server 7.0.0.13
- Ibm websphere_application_server 7.0.0.14
- Ibm websphere_application_server 7.0.0.15
- Ibm websphere_application_server 7.0.0.16
- Ibm websphere_application_server 7.0.0.17
- Ibm websphere_application_server 7.0.0.18
- Ibm websphere_application_server 7.0.0.19
- Ibm websphere_application_server 7.0.0.2
- Ibm websphere_application_server 7.0.0.21
- Ibm websphere_application_server 7.0.0.22
- Ibm websphere_application_server 7.0.0.23
- Ibm websphere_application_server 7.0.0.24
- Ibm websphere_application_server 7.0.0.25
- Ibm websphere_application_server 7.0.0.27
- Ibm websphere_application_server 7.0.0.28
- Ibm websphere_application_server 7.0.0.29
- Ibm websphere_application_server 7.0.0.3
- Ibm websphere_application_server 7.0.0.31
- Ibm websphere_application_server 7.0.0.32
- Ibm websphere_application_server 7.0.0.33
- Ibm websphere_application_server 7.0.0.34
- Ibm websphere_application_server 7.0.0.35
- Ibm websphere_application_server 7.0.0.36
- Ibm websphere_application_server 7.0.0.37
- Ibm websphere_application_server 7.0.0.38
- Ibm websphere_application_server 7.0.0.39
- Ibm websphere_application_server 7.0.0.4
- Ibm websphere_application_server 7.0.0.41
- Ibm websphere_application_server 7.0.0.5
- Ibm websphere_application_server 7.0.0.6
- Ibm websphere_application_server 7.0.0.7
- Ibm websphere_application_server 7.0.0.8
- Ibm websphere_application_server 7.0.0.9
- Ibm websphere_application_server 8.0
- Ibm websphere_application_server 8.0.0.0
- Ibm websphere_application_server 8.0.0.1
- Ibm websphere_application_server 8.0.0.10
- Ibm websphere_application_server 8.0.0.11
- Ibm websphere_application_server 8.0.0.12
- Ibm websphere_application_server 8.0.0.2
- Ibm websphere_application_server 8.0.0.3
- Ibm websphere_application_server 8.0.0.4
- Ibm websphere_application_server 8.0.0.5
- Ibm websphere_application_server 8.0.0.6
- Ibm websphere_application_server 8.0.0.7
- Ibm websphere_application_server 8.0.0.8
- Ibm websphere_application_server 8.0.0.9
- Ibm websphere_application_server 8.5.0.0
- Ibm websphere_application_server 8.5.0.1
- Ibm websphere_application_server 8.5.0.2
- Ibm websphere_application_server 8.5.5.0
- Ibm websphere_application_server 8.5.5.1
- Ibm websphere_application_server 8.5.5.10
- Ibm websphere_application_server 8.5.5.2
- Ibm websphere_application_server 8.5.5.4
- Ibm websphere_application_server 8.5.5.5
- Ibm websphere_application_server 8.5.5.6
- Ibm websphere_application_server 8.5.5.7
- Ibm websphere_application_server 8.5.5.8
- Ibm websphere_application_server 8.5.5.9
- Ibm websphere_application_server 9.0.0.0
- Ibm websphere_application_server 9.0.0.1
References
- CVE: CVE-2016-5983