Vulnerability Key Information

Vulnerability Identifier:
- PM45322

Affected Versions:
- IBM WebSphere Application Server for distributed operating systems, IBM i, and z/OS operating systems versions 6.1.0.0 through 6.1.0.39, 7.0.0.0 through 7.0.0.18, and 8.0.0.0.

Unaffected Versions:
- IBM WebSphere Application Server versions prior to Version 6.1.

Problem Description:
- If customers have deployed the administration console, attackers can access servlets of the console via HTTP and view restricted server files.

Solution:
- Distributed Operating Systems:
  - For V8.0.0.0: Apply Interim Fix APAR PM45322 or install Fix Pack 1 (or later).
  - For V7.0.0.0 - V7.0.0.17: Apply Fix Pack 11 or later, or if your environment is not at this level, apply Interim Fix APAR PM45322.
  - For V6.1.0.0 - V6.1.0.40: Apply Fix Pack 33 or later, or apply Interim Fix APAR PM45322.
- IBM i Operating Systems:
  - For V8.0.0.0: Apply Interim Fix APAR PM45322 or apply the WebSphere Application Server PTF group that includes the corresponding Fix Pack.
  - For V7.0.0.0 - V7.0.0.17 and V6.1.0.0 - V6.1.0.40: Same instructions as above.
- z/OS Operating Systems:
  - For V8.0.0.0: Apply APAR PM45322 through appropriate PTFs.
  - For V7.0.0.0 - V7.0.0.18 and V6.1.0.0 - V6.1.0.39: Same instructions as above.

Related Documents and Links:
- Additional information can be found in the document "administration console directory traversal websphere-admin-console-dir-traversal (69473)".
- Also, the "CVE-2011-1359" document provides more information.

Historical Updates:
- Changes on September 19 and 20, 2011, regarding additional information and updates to the "Problem Description".