CVE-2009-0508

Sažetak

The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.

Reference

http://secunia.com/advisories/34283
http://secunia.com/advisories/34876
http://www.securityfocus.com/bid/34104
http://www.vupen.com/english/advisories/2009/0704
http://www.vupen.com/english/advisories/2009/1188
http://www.vupen.com/english/advisories/2009/1464
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456
http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387
http://www-01.ibm.com/support/docview.wss?uid=swg21380233
http://www-01.ibm.com/support/docview.wss?uid=swg21380376
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
https://exchange.xforce.ibmcloud.com/vulnerabilities/49085

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-08-2017 - 01:33

Objavljeno

16-03-2009 - 19:30