Lucene search

[email protected]CVE-2006-3231

HistoryJun 27, 2006 - 10:05 a.m.

CVE-2006-3231

2006-06-2710:05:00

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

cve-2006-3231

vulnerability

fileservingenabled

remote attackers

jsp

uris

special characters

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via “URIs with special characters.”

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch2.0

ibmwebsphere_application_serverMatch3.0

ibmwebsphere_application_serverMatch3.0.2

ibmwebsphere_application_serverMatch3.0.2.1

ibmwebsphere_application_serverMatch3.0.2.2

ibmwebsphere_application_serverMatch3.0.2.3

ibmwebsphere_application_serverMatch3.0.2.4

ibmwebsphere_application_serverMatch3.5

ibmwebsphere_application_serverMatch3.5.1

ibmwebsphere_application_serverMatch3.5.2

ibmwebsphere_application_serverMatch3.5.3

ibmwebsphere_application_serverMatch4.0.3

ibmwebsphere_application_serverMatch4.0.4

ibmwebsphere_application_serverMatch5.0

ibmwebsphere_application_serverMatch5.0.1

ibmwebsphere_application_serverMatch5.0.2

ibmwebsphere_application_serverMatch5.0.2.1

ibmwebsphere_application_serverMatch5.0.2.2

ibmwebsphere_application_serverMatch5.0.2.3

ibmwebsphere_application_serverMatch5.0.2.4

ibmwebsphere_application_serverMatch5.0.2.5

ibmwebsphere_application_serverMatch5.0.2.6

ibmwebsphere_application_serverMatch5.0.2.7

ibmwebsphere_application_serverMatch5.0.2.8

ibmwebsphere_application_serverMatch5.0.2.9

ibmwebsphere_application_serverMatch5.0.2.10

ibmwebsphere_application_serverMatch5.0.2.11

ibmwebsphere_application_serverMatch5.0.2.12

ibmwebsphere_application_serverMatch5.0.2.13

ibmwebsphere_application_serverMatch5.0.2.14

ibmwebsphere_application_serverMatch5.0.2.15

ibmwebsphere_application_serverMatch5.0.2.16

ibmwebsphere_application_serverMatch5.1.0

ibmwebsphere_application_serverMatch5.1.0.2

ibmwebsphere_application_serverMatch5.1.0.4

ibmwebsphere_application_serverMatch5.1.0.5

ibmwebsphere_application_serverMatch5.1.1

ibmwebsphere_application_serverMatch5.1.1.1

ibmwebsphere_application_serverMatch5.1.1.2

ibmwebsphere_application_serverMatch5.1.1.3

ibmwebsphere_application_serverMatch5.1.1.4

ibmwebsphere_application_serverMatch5.1.1.5

ibmwebsphere_application_serverMatch5.1.1.6

ibmwebsphere_application_serverMatch5.1.1.7

ibmwebsphere_application_serverMatch5.1.1.8

ibmwebsphere_application_serverMatch5.1.1.9

ibmwebsphere_application_serverMatch5.1.1.10

ibmwebsphere_application_serverMatch6.0

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.9

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq2.0
ibm:websphere_application_serveribm websphere application servereq3.0
ibm:websphere_application_serveribm websphere application servereq3.0.2
ibm:websphere_application_serveribm websphere application servereq3.0.2.1
ibm:websphere_application_serveribm websphere application servereq3.0.2.2
ibm:websphere_application_serveribm websphere application servereq3.0.2.3
ibm:websphere_application_serveribm websphere application servereq3.0.2.4
ibm:websphere_application_serveribm websphere application servereq3.5
ibm:websphere_application_serveribm websphere application servereq3.5.1
ibm:websphere_application_serveribm websphere application servereq3.5.2

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	2.0
ibm:websphere_application_server	ibm websphere application server	eq	3.0
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2.1
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2.2
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2.3
ibm:websphere_application_server	ibm websphere application server	eq	3.0.2.4
ibm:websphere_application_server	ibm websphere application server	eq	3.5
ibm:websphere_application_server	ibm websphere application server	eq	3.5.1
ibm:websphere_application_server	ibm websphere application server	eq	3.5.2

Rows per page:

1-10 of 501

References

secunia.com/advisories/20732

secunia.com/advisories/24478

www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876

www-1.ibm.com/support/docview.wss?uid=swg21243541

www.securityfocus.com/bid/18578

www.securityfocus.com/bid/22991

www.vupen.com/english/advisories/2006/2482

www.vupen.com/english/advisories/2007/0970

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2006-3231

nvd1 cvelist1