5

CVE-2006-6637

The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmWebsphere Application Server Version6.0.2.1
IbmWebsphere Application Server Version6.0.2.3
IbmWebsphere Application Server Version6.0.2.5
IbmWebsphere Application Server Version6.0.2.7
IbmWebsphere Application Server Version6.0.2.9
IbmWebsphere Application Server Version6.0.2.11
IbmWebsphere Application Server Version6.0.2.13
IbmWebsphere Application Server Version6.0.2.15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.56% 0.831
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/24478
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
http://www.securityfocus.com/bid/22991
http://www.vupen.com/english/advisories/2007/0970
Vendor Advisory
http://secunia.com/advisories/23414
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg27006876
Patch
http://www.securityfocus.com/bid/21636
http://www.vupen.com/english/advisories/2006/5050
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24015155