CVE-2005-3498

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-11-04 00:02

Updated : 2024-02-28 10:42


NVD link : CVE-2005-3498

Mitre link : CVE-2005-3498

CVE.ORG link : CVE-2005-3498


JSON object : View

Products Affected

ibm

  • websphere_application_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor