Lucene search

[email protected]CVE-2009-1898

HistoryJun 03, 2009 - 5:00 p.m.

CVE-2009-1898

2009-06-0317:00:00

CWE-200

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

was

security

cve-2009-1898

session sniffing

network vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.5%

JSON

The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network.

Affected configurations

NVD

Node

ibmwebsphere_application_serverRange≤6.0.2.33

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.7

ibmwebsphere_application_serverMatch6.0.2.8

ibmwebsphere_application_serverMatch6.0.2.9

ibmwebsphere_application_serverMatch6.0.2.10

ibmwebsphere_application_serverMatch6.0.2.11

ibmwebsphere_application_serverMatch6.0.2.12

ibmwebsphere_application_serverMatch6.0.2.13

ibmwebsphere_application_serverMatch6.0.2.14

ibmwebsphere_application_serverMatch6.0.2.15

ibmwebsphere_application_serverMatch6.0.2.16

ibmwebsphere_application_serverMatch6.0.2.17

ibmwebsphere_application_serverMatch6.0.2.18

ibmwebsphere_application_serverMatch6.0.2.19

ibmwebsphere_application_serverMatch6.0.2.20

ibmwebsphere_application_serverMatch6.0.2.21

ibmwebsphere_application_serverMatch6.0.2.22

ibmwebsphere_application_serverMatch6.0.2.23

ibmwebsphere_application_serverMatch6.0.2.24

ibmwebsphere_application_serverMatch6.0.2.25

ibmwebsphere_application_serverMatch6.0.2.27

ibmwebsphere_application_serverMatch6.0.2.28

ibmwebsphere_application_serverMatch6.0.2.29

ibmwebsphere_application_serverMatch6.0.2.30

ibmwebsphere_application_serverMatch6.0.2.31

ibmwebsphere_application_serverMatch6.0.2.32

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application serverle6.0.2.33
ibm:websphere_application_serveribm websphere application servereq6.0.2
ibm:websphere_application_serveribm websphere application servereq6.0.2.1
ibm:websphere_application_serveribm websphere application servereq6.0.2.2
ibm:websphere_application_serveribm websphere application servereq6.0.2.3
ibm:websphere_application_serveribm websphere application servereq6.0.2.4
ibm:websphere_application_serveribm websphere application servereq6.0.2.5
ibm:websphere_application_serveribm websphere application servereq6.0.2.6
ibm:websphere_application_serveribm websphere application servereq6.0.2.7
ibm:websphere_application_serveribm websphere application servereq6.0.2.8

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	le	6.0.2.33
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.4
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.5
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.6
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.7
ibm:websphere_application_server	ibm websphere application server	eq	6.0.2.8

Rows per page:

1-10 of 331

References

secunia.com/advisories/35301

www-01.ibm.com/support/docview.wss?uid=swg27006876

www-1.ibm.com/support/docview.wss?uid=swg1PK77010

www.securityfocus.com/bid/35405

www.vupen.com/english/advisories/2009/1464

exchange.xforce.ibmcloud.com/vulnerabilities/51170

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2009-1898

prion1 cvelist1 nvd1 nessus2