Lucene search

[email protected]CVE-2009-0434

HistoryFeb 10, 2009 - 10:30 p.m.

CVE-2009-0434

2009-02-1022:30:00

CWE-200

[email protected]

web.nvd.nist.gov

ibm websphere

app server

perfservlet

pmi

performance tools

cve-2009-0434

nvd

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch6.0

ibmwebsphere_application_serverMatch6.0.0.1

ibmwebsphere_application_serverMatch6.0.0.2

ibmwebsphere_application_serverMatch6.0.0.3

ibmwebsphere_application_serverMatch6.0.1

ibmwebsphere_application_serverMatch6.0.1.1

ibmwebsphere_application_serverMatch6.0.1.2

ibmwebsphere_application_serverMatch6.0.1.3

ibmwebsphere_application_serverMatch6.0.1.5

ibmwebsphere_application_serverMatch6.0.1.7

ibmwebsphere_application_serverMatch6.0.1.9

ibmwebsphere_application_serverMatch6.0.1.11

ibmwebsphere_application_serverMatch6.0.1.13

ibmwebsphere_application_serverMatch6.0.1.15

ibmwebsphere_application_serverMatch6.0.1.17

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.7

ibmwebsphere_application_serverMatch6.0.2.9

ibmwebsphere_application_serverMatch6.0.2.11

ibmwebsphere_application_serverMatch6.0.2.13

ibmwebsphere_application_serverMatch6.0.2.15

ibmwebsphere_application_serverMatch6.0.2.17

ibmwebsphere_application_serverMatch6.0.2.19

ibmwebsphere_application_serverMatch6.0.2.22

ibmwebsphere_application_serverMatch6.0.2.23

ibmwebsphere_application_serverMatch6.0.2.24

ibmwebsphere_application_serverMatch6.0.2.25

ibmwebsphere_application_serverMatch6.0.2.27

ibmwebsphere_application_serverMatch6.0.2.28

ibmwebsphere_application_serverMatch6.0.2.29

ibmwebsphere_application_serverMatch6.0.2.30

ibmwebsphere_application_serverMatch6.0.2.31

ibmwebsphere_application_serverMatch6.1

ibmwebsphere_application_serverMatch6.1.0

ibmwebsphere_application_serverMatch6.1.0.0

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.10

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.12

ibmwebsphere_application_serverMatch6.1.0.13

ibmwebsphere_application_serverMatch6.1.0.14

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.16

ibmwebsphere_application_serverMatch6.1.0.17

ibmwebsphere_application_serverMatch6.1.0.18

ibmwebsphere_application_serverMatch6.1.0.19

ibmwebsphere_application_serverMatch6.1.0.20

ibmwebsphere_application_serverMatch6.1.0.21

ibmwebsphere_application_serverMatch7.0

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.0
ibm:websphere_application_serveribm websphere application servereq6.0.0.1
ibm:websphere_application_serveribm websphere application servereq6.0.0.2
ibm:websphere_application_serveribm websphere application servereq6.0.0.3
ibm:websphere_application_serveribm websphere application servereq6.0.1
ibm:websphere_application_serveribm websphere application servereq6.0.1.1
ibm:websphere_application_serveribm websphere application servereq6.0.1.2
ibm:websphere_application_serveribm websphere application servereq6.0.1.3
ibm:websphere_application_serveribm websphere application servereq6.0.1.5
ibm:websphere_application_serveribm websphere application servereq6.0.1.7

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.0
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.5
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.7

Rows per page:

1-10 of 561

References

www-01.ibm.com/support/docview.wss?uid=swg27006876

www-01.ibm.com/support/docview.wss?uid=swg27007951

www-01.ibm.com/support/docview.wss?uid=swg27014463

www-1.ibm.com/support/docview.wss?uid=swg1PK63886

www-1.ibm.com/support/docview.wss?uid=swg1PK79230

www.securityfocus.com/bid/33700

www.vupen.com/english/advisories/2009/0423

exchange.xforce.ibmcloud.com/vulnerabilities/48524

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON

Related for CVE-2009-0434

prion2 cvelist2 nvd2 cve1 nessus3 seebug1