4.3

CVE-2005-4833

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.28% 0.662
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www-1.ibm.com/support/docview.wss?uid=swg24008815
Patch
Vendor Advisory
http://osvdb.org/34177
http://secunia.com/advisories/24478
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
Patch
Vendor Advisory
http://www.securityfocus.com/bid/22991
http://www.vupen.com/english/advisories/2007/0970