CVE-2005-4833 - IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR

CVE-2005-4833

Summary

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.

References

http://osvdb.org/34177
http://secunia.com/advisories/24478
http://www.securityfocus.com/bid/22991
http://www.vupen.com/english/advisories/2007/0970
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
http://www-1.ibm.com/support/docview.wss?uid=swg24008815

Vulnerable Configurations

cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 08-03-2011 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

aixapar	PK00091
bid	22991
confirm	http://www-1.ibm.com/support/docview.wss?uid=swg21243541
osvdb	34177
secunia	24478
vupen	ADV-2007-0970

Last major update

08-03-2011 - 02:29

Published

31-12-2005 - 05:00

Last modified

08-03-2011 - 02:29