5
CVE-2006-6637
- EPSS 2.56%
- Veröffentlicht 19.12.2006 20:28:00
- Zuletzt bearbeitet 16.06.2026 22:33:30
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Websphere Application Server Version6.0.2.1
Ibm ≫ Websphere Application Server Version6.0.2.3
Ibm ≫ Websphere Application Server Version6.0.2.5
Ibm ≫ Websphere Application Server Version6.0.2.7
Ibm ≫ Websphere Application Server Version6.0.2.9
Ibm ≫ Websphere Application Server Version6.0.2.11
Ibm ≫ Websphere Application Server Version6.0.2.13
Ibm ≫ Websphere Application Server Version6.0.2.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.56% | 0.831 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://secunia.com/advisories/24478
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
http://www.securityfocus.com/bid/22991
http://www.vupen.com/english/advisories/2007/0970
http://secunia.com/advisories/23414
http://www-1.ibm.com/support/docview.wss?uid=swg27006876
http://www.securityfocus.com/bid/21636
http://www.vupen.com/english/advisories/2006/5050
http://www-1.ibm.com/support/docview.wss?uid=swg24015155