Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2005-3498
Last Modified 07 Mar 2011 09:26:36
Published 03 Nov 2005 07:02:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3498

Summary

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.

Vulnerable Systems

Application

  • IBM WebSphere Application Server 5.0.2
  • IBM WebSphere Application Server 5.0.2.1
  • IBM WebSphere Application Server 5.0.2.10
  • IBM WebSphere Application Server 5.0.2.11
  • IBM WebSphere Application Server 5.0.2.12
  • IBM WebSphere Application Server 5.0.2.13
  • IBM WebSphere Application Server 5.0.2.14
  • IBM WebSphere Application Server 5.0.2.2
  • IBM WebSphere Application Server 5.0.2.3
  • IBM WebSphere Application Server 5.0.2.4
  • IBM WebSphere Application Server 5.0.2.5
  • IBM WebSphere Application Server 5.0.2.6
  • IBM WebSphere Application Server 5.0.2.7
  • IBM WebSphere Application Server 5.0.2.8
  • IBM WebSphere Application Server 5.0.2.9
  • IBM WebSphere Application Server 5.1.0
  • IBM WebSphere Application Server 5.1.1
  • IBM WebSphere Application Server 5.1.1.1
  • IBM WebSphere Application Server 5.1.1.2
  • IBM WebSphere Application Server 5.1.1.3
  • IBM WebSphere Application Server 5.1.1.4
  • IBM WebSphere Application Server 5.1.1.5
  • IBM WebSphere Application Server 5.1.1.6
  • IBM WebSphere Application Server 5.1.1.7
  • IBM WebSphere Application Server 6.0.0.1
  • IBM WebSphere Application Server 6.0.0.2
  • IBM WebSphere Application Server 6.0.0.3
  • IBM WebSphere Application Server 6.0.1
  • IBM WebSphere Application Server 6.0.1.2
  • IBM WebSphere Application Server 6.0.2
  • IBM WebSphere Application Server 6.0.2.1
  • IBM WebSphere Application Server 6.0.2.3
  • IBM WebSphere Application Server 6.0.2.4


References

VUPEN - ADV-2005-2291

BID - 15303

AIXAPAR - PK11017

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980

SECTRACK - 1015134


Last Updated: 27 May 2016 10:40:56