Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2009-1898
Last Modified 24 Jun 2009 01:34:34
Published 03 Jun 2009 01:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1898

Summary

The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network.

Vulnerable Systems

Application

  • IBM WebSphere Application Server 6.0.2
  • IBM WebSphere Application Server 6.0.2.1
  • IBM WebSphere Application Server 6.0.2.10
  • IBM WebSphere Application Server 6.0.2.11
  • IBM WebSphere Application Server 6.0.2.12
  • IBM WebSphere Application Server 6.0.2.13
  • IBM WebSphere Application Server 6.0.2.14
  • IBM WebSphere Application Server 6.0.2.15
  • IBM WebSphere Application Server 6.0.2.16
  • IBM WebSphere Application Server 6.0.2.17
  • IBM WebSphere Application Server 6.0.2.18
  • IBM WebSphere Application Server 6.0.2.19
  • IBM WebSphere Application Server 6.0.2.2
  • IBM WebSphere Application Server 6.0.2.20
  • IBM WebSphere Application Server 6.0.2.21
  • IBM WebSphere Application Server 6.0.2.22
  • IBM WebSphere Application Server 6.0.2.23
  • IBM WebSphere Application Server 6.0.2.24
  • IBM WebSphere Application Server 6.0.2.25
  • IBM WebSphere Application Server 6.0.2.27
  • IBM WebSphere Application Server 6.0.2.28
  • IBM WebSphere Application Server 6.0.2.29
  • IBM WebSphere Application Server 6.0.2.3
  • IBM WebSphere Application Server 6.0.2.30
  • IBM WebSphere Application Server 6.0.2.31
  • IBM WebSphere Application Server 6.0.2.32
  • IBM WebSphere Application Server 6.0.2.33
  • IBM WebSphere Application Server 6.0.2.4
  • IBM WebSphere Application Server 6.0.2.5
  • IBM WebSphere Application Server 6.0.2.6
  • IBM WebSphere Application Server 6.0.2.7
  • IBM WebSphere Application Server 6.0.2.8
  • IBM WebSphere Application Server 6.0.2.9


References

VUPEN - ADV-2009-1464

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27006876

XF - was-securelogin-info-disclosure(51170)

BID - 35405

SECUNIA - 35301


Last Updated: 27 May 2016 10:50:42