Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2170

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2170
Last Modified 20 Jun 2012 12:00:00
Published 20 Jun 2012 06:27:28
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2170

Summary

The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request.

Vulnerable Systems

Application

  • Ibm Websphere Application Server 7.0

  • Ibm Websphere Application Server 7.0.0.1

  • Ibm Websphere Application Server 7.0.0.11

  • Ibm Websphere Application Server 7.0.0.13

  • Ibm Websphere Application Server 7.0.0.15

  • Ibm Websphere Application Server 7.0.0.17

  • Ibm Websphere Application Server 7.0.0.19

  • Ibm Websphere Application Server 7.0.0.2

  • Ibm Websphere Application Server 7.0.0.21

  • Ibm Websphere Application Server 7.0.0.3

  • Ibm Websphere Application Server 7.0.0.4

  • Ibm Websphere Application Server 7.0.0.5

  • Ibm Websphere Application Server 7.0.0.6

  • Ibm Websphere Application Server 7.0.0.7

  • Ibm Websphere Application Server 7.0.0.8

  • Ibm Websphere Application Server 7.0.0.9


References

XF - was-snoop-info-disclosure(75234)

CONFIRM - http://www.ibm.com/support/docview.wss?uid=swg21595172


Last Updated: 27 May 2016 10:57:32