The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 prior to 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote malicious users to read the contents of WAS sessions by sniffing the network.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ibm websphere application server 6.0.2.16 |
||
ibm websphere application server 6.0.2.17 |
||
ibm websphere application server 6.0.2.27 |
||
ibm websphere application server 6.0.2.2 |
||
ibm websphere application server 6.0.2.4 |
||
ibm websphere application server 6.0.2.3 |
||
ibm websphere application server 6.0.2.32 |
||
ibm websphere application server |
||
ibm websphere application server 6.0.2.1 |
||
ibm websphere application server 6.0.2.12 |
||
ibm websphere application server 6.0.2.21 |
||
ibm websphere application server 6.0.2.23 |
||
ibm websphere application server 6.0.2.20 |
||
ibm websphere application server 6.0.2.6 |
||
ibm websphere application server 6.0.2.9 |
||
ibm websphere application server 6.0.2.7 |
||
ibm websphere application server 6.0.2 |
||
ibm websphere application server 6.0.2.14 |
||
ibm websphere application server 6.0.2.22 |
||
ibm websphere application server 6.0.2.25 |
||
ibm websphere application server 6.0.2.30 |
||
ibm websphere application server 6.0.2.5 |
||
ibm websphere application server 6.0.2.8 |
||
ibm websphere application server 6.0.2.31 |
||
ibm websphere application server 6.0.2.13 |
||
ibm websphere application server 6.0.2.10 |
||
ibm websphere application server 6.0.2.11 |
||
ibm websphere application server 6.0.2.15 |
||
ibm websphere application server 6.0.2.24 |
||
ibm websphere application server 6.0.2.18 |
||
ibm websphere application server 6.0.2.19 |
||
ibm websphere application server 6.0.2.29 |
||
ibm websphere application server 6.0.2.28 |
Vulmon