CVE-2010-0777

Sažetak

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.

Reference

http://secunia.com/advisories/39838
http://www.securityfocus.com/bid/40277
http://www.vupen.com/english/advisories/2010/1200
http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
https://exchange.xforce.ibmcloud.com/vulnerabilities/58557

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

17-05-2010 - 22:30