Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 18/08/2006 Updated: 07/03/2011

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

IBM WebSphere Application Server (WAS) prior to 6.0.2.13 allows context-dependent malicious users to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm websphere application server 6.0.2
ibm websphere application server 6.0.2.1
ibm websphere application server 6.0.2.3
ibm websphere application server 6.0.2.5
ibm websphere application server 6.0.2.7
ibm websphere application server
ibm websphere application server 6.0.2.9

CWE-200 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213 http://secunia.com/advisories/21487 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24013827 http://www.securityfocus.com/bid/22991 http://secunia.com/advisories/24478 http://www.vupen.com/english/advisories/2007/0970 http://www.vupen.com/english/advisories/2006/3281 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-4223

Vulnerability Summary

References

Vulmon Search

About

Products

Connect