ID CVE-2005-1112
Summary IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 13160
bugtraq 20050413 IBM WebSphere Widespread configuration JSP disclosure
osvdb 15501
sectrack 1013697
secunia 14962
xf ibm-websphere-information-disclosure(20099)
Last major update 11-07-2017 - 01:32
Published 02-05-2005 - 04:00
Last modified 11-07-2017 - 01:32