Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 19/12/2006 Updated: 14/06/2011

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) prior to 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote malicious users to obtain JSP source code and other sensitive information via "specific requests."

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm websphere application server 6.0.2.1
ibm websphere application server 6.0.2.9
ibm websphere application server 6.0.2.11
ibm websphere application server 6.0.2.13
ibm websphere application server 6.0.2.15
ibm websphere application server 6.0.2.3
ibm websphere application server 6.0.2.5
ibm websphere application server 6.0.2.7

CWE-200 http://www-1.ibm.com/support/docview.wss?uid=swg27006876 http://secunia.com/advisories/23414 http://www.securityfocus.com/bid/21636 http://www-1.ibm.com/support/docview.wss?uid=swg21243541 http://www-1.ibm.com/support/docview.wss?uid=swg24015155 http://www.securityfocus.com/bid/22991 http://secunia.com/advisories/24478 http://www.vupen.com/english/advisories/2006/5050 http://www.vupen.com/english/advisories/2007/0970 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-6637

Vulnerability Summary

References

Vulmon Search

About

Products

Connect