Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2956


Vulnerability Score 5.0 5.0
CVE Id CVE-2009-2956
Last Modified 25 Aug 2009 12:00:00
Published 24 Aug 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.

Vulnerable Systems


  • Ibm Websphere Commerce Suite


XF - rational-websphere-config-info-disclosure(52616)

Last Updated: 27 May 2016 10:51:04