Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2743

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2009-2743
Last Modified 30 Dec 2010 12:00:00
Published 21 Sep 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-2743

Summary

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 6.1

  • Ibm Websphere Application Server 6.1.0.1

  • Ibm Websphere Application Server 6.1.0.11

  • Ibm Websphere Application Server 6.1.0.13

  • Ibm Websphere Application Server 6.1.0.15

  • Ibm Websphere Application Server 6.1.0.17

  • Ibm Websphere Application Server 6.1.0.19

  • Ibm Websphere Application Server 6.1.0.2

  • Ibm Websphere Application Server 6.1.0.21

  • Ibm Websphere Application Server 6.1.0.23

  • Ibm Websphere Application Server 6.1.0.25

  • Ibm Websphere Application Server 6.1.0.3

  • Ibm Websphere Application Server 6.1.0.5

  • Ibm Websphere Application Server 6.1.0.7

  • Ibm Websphere Application Server 6.1.0.9

  • Ibm Websphere Application Server 7.0

  • Ibm Websphere Application Server 7.0.0.1

  • Ibm Websphere Application Server 7.0.0.2

  • Ibm Websphere Application Server 7.0.0.3

  • Ibm Websphere Application Server 7.0.0.4

  • Ibm Websphere Application Server 7.0.0.5

  • Ibm Websphere Application Server 7.0.0.6


References

MISC - http://www-01.ibm.com/support/docview.wss?uid=swg27007951

XF - was-wsadmin-jaasj2c-information-disclosure(53343)

VUPEN - ADV-2009-2721

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg27014463

SECUNIA - 37796


Last Updated: 27 May 2016 10:51:00