Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1189

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2001-1189
Last Modified 05 Sep 2008 04:25:54
Published 13 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1189

Summary

IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 3.0

  • Ibm Websphere Application Server 3.0.2

  • Ibm Websphere Application Server 3.0.2.1

  • Ibm Websphere Application Server 3.0.2.2

  • Ibm Websphere Application Server 3.0.2.3

  • Ibm Websphere Application Server 3.0.2.4

  • Ibm Websphere Application Server 3.5

  • Ibm Websphere Application Server 3.5.1

  • Ibm Websphere Application Server 3.5.2

  • Ibm Websphere Application Server 3.5.3


References

BID - 3682

BUGTRAQ - 20011213 IBM WebSphere on UNIX security alert !

XF - websphere-java-plaintext-passwords(7698)


Last Updated: 27 May 2016 10:36:34