Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2956

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-2956
Last Modified 25 Aug 2009 12:00:00
Published 24 Aug 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2956

Summary

The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files.

Vulnerable Systems

Application

  • Ibm Websphere Commerce Suite


References

XF - rational-websphere-config-info-disclosure(52616)


Last Updated: 27 May 2016 10:51:04