Korean
<< Back
VID 14085
Severity 40
Port 22
Protocol TCP
Class LSC
Detailed Description startServer.sh which is the service daemon execution file of WebSphere Application Server is not safe for secuirty reasons.
startServer.sh is a script file to start WebSphere Application Server. If there is permission to write to the file, Serious problems can occur for secuirty reason. Therefore, Restriction is necessary for non-administrative users to write.

* Platforms Affected:
UNIX, Linux
Recommendation Remove other user's write permissions from the file as the following
chmod o-w (if the group has write permission: g-w) ./startServer.sh
ex) chmod o-w {was_profile_root}/bin/startServer.sh
ex) chmod g-w {was_profile_root}/bin/startServer.sh
Related URL (CVE)
Related URL (SecurityFocus)
Related URL (ISS)