Lucene search

[email protected]CVE-2009-0436

HistoryFeb 10, 2009 - 10:30 p.m.

CVE-2009-0436

2009-02-1022:30:00

CWE-264

[email protected]

web.nvd.nist.gov

ibm

http server

mod_ibm_ssl

mod_cgid

af_unix

cve-2009-0436

websphere application server

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch6.0

ibmwebsphere_application_serverMatch6.0.0.1

ibmwebsphere_application_serverMatch6.0.0.2

ibmwebsphere_application_serverMatch6.0.0.3

ibmwebsphere_application_serverMatch6.0.1

ibmwebsphere_application_serverMatch6.0.1.1

ibmwebsphere_application_serverMatch6.0.1.2

ibmwebsphere_application_serverMatch6.0.1.3

ibmwebsphere_application_serverMatch6.0.1.5

ibmwebsphere_application_serverMatch6.0.1.7

ibmwebsphere_application_serverMatch6.0.1.9

ibmwebsphere_application_serverMatch6.0.1.11

ibmwebsphere_application_serverMatch6.0.1.13

ibmwebsphere_application_serverMatch6.0.1.15

ibmwebsphere_application_serverMatch6.0.1.17

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.7

ibmwebsphere_application_serverMatch6.0.2.9

ibmwebsphere_application_serverMatch6.0.2.11

ibmwebsphere_application_serverMatch6.0.2.13

ibmwebsphere_application_serverMatch6.0.2.15

ibmwebsphere_application_serverMatch6.0.2.17

ibmwebsphere_application_serverMatch6.0.2.19

ibmwebsphere_application_serverMatch6.0.2.22

ibmwebsphere_application_serverMatch6.0.2.23

ibmwebsphere_application_serverMatch6.0.2.24

ibmwebsphere_application_serverMatch6.0.2.25

ibmwebsphere_application_serverMatch6.0.2.27

ibmwebsphere_application_serverMatch6.0.2.28

ibmwebsphere_application_serverMatch6.0.2.29

ibmwebsphere_application_serverMatch6.0.2.30

ibmwebsphere_application_serverMatch6.1

ibmwebsphere_application_serverMatch6.1.0

ibmwebsphere_application_serverMatch6.1.0.0

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.3

ibmwebsphere_application_serverMatch6.1.0.4

ibmwebsphere_application_serverMatch6.1.0.5

ibmwebsphere_application_serverMatch6.1.0.6

ibmwebsphere_application_serverMatch6.1.0.7

ibmwebsphere_application_serverMatch6.1.0.8

ibmwebsphere_application_serverMatch6.1.0.9

ibmwebsphere_application_serverMatch6.1.0.10

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.12

ibmwebsphere_application_serverMatch6.1.0.13

ibmwebsphere_application_serverMatch6.1.0.14

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.16

ibmwebsphere_application_serverMatch6.1.0.17

ibmwebsphere_application_serverMatch6.1.0.18

ibmwebsphere_application_serverMatch6.1.13

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.0
ibm:websphere_application_serveribm websphere application servereq6.0.0.1
ibm:websphere_application_serveribm websphere application servereq6.0.0.2
ibm:websphere_application_serveribm websphere application servereq6.0.0.3
ibm:websphere_application_serveribm websphere application servereq6.0.1
ibm:websphere_application_serveribm websphere application servereq6.0.1.1
ibm:websphere_application_serveribm websphere application servereq6.0.1.2
ibm:websphere_application_serveribm websphere application servereq6.0.1.3
ibm:websphere_application_serveribm websphere application servereq6.0.1.5
ibm:websphere_application_serveribm websphere application servereq6.0.1.7

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.0
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.5
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.7

Rows per page:

1-10 of 591

References

www-01.ibm.com/support/docview.wss?uid=swg27006876

www-01.ibm.com/support/docview.wss?uid=swg27007033

www-01.ibm.com/support/docview.wss?uid=swg27007951

www-01.ibm.com/support/docview.wss?uid=swg27008517

www-1.ibm.com/support/docview.wss?uid=swg1PK66154

www.securityfocus.com/bid/33700

exchange.xforce.ibmcloud.com/vulnerabilities/48526

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for CVE-2009-0436

prion1 cvelist1 nvd1