CVE-2009-0508

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-0508
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/34283 Vendor Advisory
http://secunia.com/advisories/34876 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456 Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387
http://www-01.ibm.com/support/docview.wss?uid=swg21380233 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21380376 Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27006876 Patch
http://www.securityfocus.com/bid/34104
http://www.vupen.com/english/advisories/2009/0704 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1188 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1464 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49085
http://secunia.com/advisories/34283 Vendor Advisory
http://secunia.com/advisories/34876 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456 Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387
http://www-01.ibm.com/support/docview.wss?uid=swg21380233 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21380376 Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27006876 Patch
http://www.securityfocus.com/bid/34104
http://www.vupen.com/english/advisories/2009/0704 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1188 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1464 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49085
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.21:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0.2.33:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*
History

21 Nov 2024, 01:00

Type Values Removed Values Added
References () http://secunia.com/advisories/34283 - Vendor Advisory () http://secunia.com/advisories/34283 - Vendor Advisory
References () http://secunia.com/advisories/34876 - Vendor Advisory () http://secunia.com/advisories/34876 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456 - Patch, Vendor Advisory () http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456 - Patch, Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387 - () http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387 -
References () http://www-01.ibm.com/support/docview.wss?uid=swg21380233 - Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21380233 - Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg21380376 - Patch, Vendor Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21380376 - Patch, Vendor Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg27006876 - Patch () http://www-01.ibm.com/support/docview.wss?uid=swg27006876 - Patch
References () http://www.securityfocus.com/bid/34104 - () http://www.securityfocus.com/bid/34104 -
References () http://www.vupen.com/english/advisories/2009/0704 - Patch, Vendor Advisory () http://www.vupen.com/english/advisories/2009/0704 - Patch, Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/1188 - Patch, Vendor Advisory () http://www.vupen.com/english/advisories/2009/1188 - Patch, Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/1464 - Patch, Vendor Advisory () http://www.vupen.com/english/advisories/2009/1464 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/49085 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/49085 -
Information

Published : 2009-03-16 19:30

Updated : 2024-11-21 01:00

NVD link : CVE-2009-0508

Mitre link : CVE-2009-0508

CVE.ORG link : CVE-2009-0508

JSON object : View

Products Affected

ibm

  • websphere_application_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024