Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0508

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-0508
Last Modified 05 Jun 2009 12:00:00
Published 16 Mar 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0508

Summary

The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 5.1.0

  • Ibm Websphere Application Server 5.1.1.19

  • Ibm Websphere Application Server 6.0.2

  • Ibm Websphere Application Server 6.0.2.1

  • Ibm Websphere Application Server 6.0.2.11

  • Ibm Websphere Application Server 6.0.2.15

  • Ibm Websphere Application Server 6.0.2.17

  • Ibm Websphere Application Server 6.0.2.19

  • Ibm Websphere Application Server 6.0.2.21

  • Ibm Websphere Application Server 6.0.2.23

  • Ibm Websphere Application Server 6.0.2.25

  • Ibm Websphere Application Server 6.0.2.27

  • Ibm Websphere Application Server 6.0.2.29

  • Ibm Websphere Application Server 6.0.2.3

  • Ibm Websphere Application Server 6.0.2.31

  • Ibm Websphere Application Server 6.0.2.33

  • Ibm Websphere Application Server 6.0.2.5

  • Ibm Websphere Application Server 6.0.2.7

  • Ibm Websphere Application Server 6.0.2.9

  • Ibm Websphere Application Server 6.1

  • Ibm Websphere Application Server 6.1.0.1

  • Ibm Websphere Application Server 6.1.0.11

  • Ibm Websphere Application Server 6.1.0.13

  • Ibm Websphere Application Server 6.1.0.15

  • Ibm Websphere Application Server 6.1.0.17

  • Ibm Websphere Application Server 6.1.0.19

  • Ibm Websphere Application Server 6.1.0.2

  • Ibm Websphere Application Server 6.1.0.21

  • Ibm Websphere Application Server 6.1.0.3

  • Ibm Websphere Application Server 6.1.0.5

  • Ibm Websphere Application Server 6.1.0.7

  • Ibm Websphere Application Server 6.1.0.9

  • Ibm Websphere Application Server 7.0

  • Ibm Websphere Application Server 7.0.0.1


References

VUPEN - ADV-2009-1464

VUPEN - ADV-2009-1188

VUPEN - ADV-2009-0704

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27006876

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21380376

CONFIRM - http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456

XF - websphere-web-app-information-disclosure(49085)

BID - 34104

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21380233

SECUNIA - 34876

SECUNIA - 34283


Last Updated: 27 May 2016 10:50:16