CVE-2011-0316

Sažetak

The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request.

Reference

http://secunia.com/advisories/42938
http://www.securityfocus.com/bid/46736
http://www.vupen.com/english/advisories/2011/0564
http://www-01.ibm.com/support/docview.wss?uid=swg1PM24372
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
http://www-01.ibm.com/support/docview.wss?uid=swg27014463
https://exchange.xforce.ibmcloud.com/vulnerabilities/64558

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-08-2017 - 01:33

Objavljeno

12-01-2011 - 01:00