Lucene search

[email protected]CVE-2005-4833

HistoryMar 20, 2007 - 10:00 a.m.

CVE-2005-4833

2007-03-2010:00:00

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

was

6.0

jsp

source code exposure

vulnerability

nvd

cve-2005-4833

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via “a specific JSP URL,” related to lack of normalization of the URL format.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch6.0

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.0

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.0

References

osvdb.org/34177

secunia.com/advisories/24478

www-1.ibm.com/support/docview.wss?uid=swg21243541

www-1.ibm.com/support/docview.wss?uid=swg24008815

www.securityfocus.com/bid/22991

www.vupen.com/english/advisories/2007/0970

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2005-4833

cvelist1 nvd1