CVE-2005-0425

{"id": "CVE-2005-0425", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://secunia.com/advisories/14274", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24008814", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24008815", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/14274", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24008814", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24008815", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine."}, {"lang": "es", "value": "Vulnerabilidad desconocida en IBM Websphere Application Server 5.0, 5.1, y 6.0 cuando es ejecutado en Windows, permite a atacantes remotos obtener el c\u00f3digo fuente de Java Server Pages (.jsp) mediante una URL alterada que hace que la p\u00e1gina sea procesada por el fichero que sirve el servlet en lugar de por el motor JSP."}], "lastModified": "2024-11-20T23:55:05.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F4DC6FE-BBB4-45AA-8A5F-F204E798DF07"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66DB2053-6DFD-4FF6-A6E9-444281531E24"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01F45BA3-6504-47AF-B757-7B6D3526FBF6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}