SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
References
Link | Resource |
---|---|
http://www-1.ibm.com/support/docview.wss?uid=swg24013029 | Patch Vendor Advisory |
http://www-1.ibm.com/support/docview.wss?uid=swg24013029 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 00:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-1.ibm.com/support/docview.wss?uid=swg24013029 - Patch, Vendor Advisory |
Information
Published : 2007-03-20 10:19
Updated : 2024-11-21 00:24
NVD link : CVE-2006-7164
Mitre link : CVE-2006-7164
CVE.ORG link : CVE-2006-7164
JSON object : View
Products Affected
linux
- linux_kernel
unix
- unix
ibm
- websphere_application_server
CWE