An Italian researcher who discovered a bug in IBM WebSphere and then worked with the company on fixing the flaw had his research censored by Big Blue, according to ZDNet.
In a letter to Maurizio Agazzini, the company requested that the researcher censor the full accounting of his proof-of-concept (PoC) exploit code – after updates were issued to fix the flaw.
The bug, CVE-2016-5983, triggered by the application server, could enable attackers to cause denial-of-service conditions as well as remote code execution.
When he first posted his disclosure, Agazzini included links to an exploit package, but IBM asked him to delete details. Researchers depend on PoC code to further investigate bugs.
“While not the normal IBM practice, in this specific case, we asked for some of the exploit details to be redacted to protect vulnerable users and allow them time to patch,” IBM said in a statement to The Register.