Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0434

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2009-0434
Last Modified 07 Mar 2011 10:18:29
Published 10 Feb 2009 05:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0434

Summary

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 6.0

  • Ibm Websphere Application Server 6.0.0.1

  • Ibm Websphere Application Server 6.0.0.2

  • Ibm Websphere Application Server 6.0.0.3

  • Ibm Websphere Application Server 6.0.1

  • Ibm Websphere Application Server 6.0.1.1

  • Ibm Websphere Application Server 6.0.1.11

  • Ibm Websphere Application Server 6.0.1.13

  • Ibm Websphere Application Server 6.0.1.15

  • Ibm Websphere Application Server 6.0.1.17

  • Ibm Websphere Application Server 6.0.1.2

  • Ibm Websphere Application Server 6.0.1.3

  • Ibm Websphere Application Server 6.0.1.5

  • Ibm Websphere Application Server 6.0.1.7

  • Ibm Websphere Application Server 6.0.1.9

  • Ibm Websphere Application Server 6.0.2

  • Ibm Websphere Application Server 6.0.2.1

  • Ibm Websphere Application Server 6.0.2.11

  • Ibm Websphere Application Server 6.0.2.13

  • Ibm Websphere Application Server 6.0.2.15

  • Ibm Websphere Application Server 6.0.2.17

  • Ibm Websphere Application Server 6.0.2.19

  • Ibm Websphere Application Server 6.0.2.2

  • Ibm Websphere Application Server 6.0.2.22

  • Ibm Websphere Application Server 6.0.2.23

  • Ibm Websphere Application Server 6.0.2.24

  • Ibm Websphere Application Server 6.0.2.25

  • Ibm Websphere Application Server 6.0.2.27

  • Ibm Websphere Application Server 6.0.2.28

  • Ibm Websphere Application Server 6.0.2.29

  • Ibm Websphere Application Server 6.0.2.3

  • Ibm Websphere Application Server 6.0.2.30

  • Ibm Websphere Application Server 6.0.2.31

  • Ibm Websphere Application Server 6.0.2.4

  • Ibm Websphere Application Server 6.0.2.5

  • Ibm Websphere Application Server 6.0.2.6

  • Ibm Websphere Application Server 6.0.2.7

  • Ibm Websphere Application Server 6.0.2.9

  • Ibm Websphere Application Server 6.1

  • Ibm Websphere Application Server 6.1.0

  • Ibm Websphere Application Server 6.1.0.0

  • Ibm Websphere Application Server 6.1.0.1

  • Ibm Websphere Application Server 6.1.0.10

  • Ibm Websphere Application Server 6.1.0.11

  • Ibm Websphere Application Server 6.1.0.12

  • Ibm Websphere Application Server 6.1.0.13

  • Ibm Websphere Application Server 6.1.0.14

  • Ibm Websphere Application Server 6.1.0.15

  • Ibm Websphere Application Server 6.1.0.16

  • Ibm Websphere Application Server 6.1.0.17

  • Ibm Websphere Application Server 6.1.0.18

  • Ibm Websphere Application Server 6.1.0.19

  • Ibm Websphere Application Server 6.1.0.2

  • Ibm Websphere Application Server 6.1.0.20

  • Ibm Websphere Application Server 6.1.0.21

  • Ibm Websphere Application Server 7.0


References

XF - websphere-pmi-information-disclosure(48524)

VUPEN - ADV-2009-0423

BID - 33700

AIXAPAR - PK79230

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27014463

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27007951

MISC - http://www-01.ibm.com/support/docview.wss?uid=swg27006876


Last Updated: 27 May 2016 10:50:14