CVE-2010-1650

Sažetak

IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements that print string representations of unspecified objects, which allows attackers to obtain sensitive information by reading the trace output.

Reference

http://secunia.com/advisories/39628
http://www.vupen.com/english/advisories/2010/0994
http://www-01.ibm.com/support/docview.wss?uid=swg1PM06839
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
https://exchange.xforce.ibmcloud.com/vulnerabilities/58323

CVSS

Base:	1.9
Impact:	2.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

03-05-2010 - 13:51