5

CVE-2006-4223

IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server Version <= 6.0.2.11
IbmWebsphere Application Server Version6.0.2.1
IbmWebsphere Application Server Version6.0.2.3
IbmWebsphere Application Server Version6.0.2.5
IbmWebsphere Application Server Version6.0.2.7
IbmWebsphere Application Server Version6.0.2.9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.36% 0.68
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/24478
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
http://www.securityfocus.com/bid/22991
http://www.vupen.com/english/advisories/2007/0970
Vendor Advisory
http://secunia.com/advisories/21487
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213
http://www.vupen.com/english/advisories/2006/3281
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24013827