Network Security, Malware, Patch/Configuration Management, Vulnerability Management

Researcher pressured to limit big reveal of Big Blue flaw

An Italian researcher who discovered a bug in IBM WebSphere and then worked with the company on fixing the flaw had his research censored by Big Blue, according to ZDNet.

In a letter to Maurizio Agazzini, the company requested that the researcher censor the full accounting of his proof-of-concept (PoC) exploit code – after updates were issued to fix the flaw.

The bug, CVE-2016-5983, in the application server could enable attackers to cause a denial of service or to execute code remotely.

When he first posted his disclosure, Agazzini included links to an exploit package, but IBM asked him to delete details. Researchers depend on PoC code to further investigate bugs.

"While not the normal IBM practice, in this specific case, we asked for some of the exploit details to be redacted to protect vulnerable users and allow them time to patch," IBM said in a statement to The Register.
