Lucene search

[email protected]CVE-2010-0777

HistoryMay 17, 2010 - 10:30 p.m.

CVE-2010-0777

2010-05-1722:30:01

CWE-20

[email protected]

web.nvd.nist.gov

ibm websphere

app server

cve-2010-0777

nvd

vulnerability

information disclosure

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.6%

JSON

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.

Affected configurations

NVD

Node

ibmwebsphere_application_serverMatch6.0

ibmwebsphere_application_serverMatch6.0.0.1

ibmwebsphere_application_serverMatch6.0.0.2

ibmwebsphere_application_serverMatch6.0.0.3

ibmwebsphere_application_serverMatch6.0.1

ibmwebsphere_application_serverMatch6.0.1.1

ibmwebsphere_application_serverMatch6.0.1.2

ibmwebsphere_application_serverMatch6.0.1.3

ibmwebsphere_application_serverMatch6.0.1.5

ibmwebsphere_application_serverMatch6.0.1.7

ibmwebsphere_application_serverMatch6.0.1.9

ibmwebsphere_application_serverMatch6.0.1.11

ibmwebsphere_application_serverMatch6.0.1.13

ibmwebsphere_application_serverMatch6.0.1.15

ibmwebsphere_application_serverMatch6.0.1.17

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.7

ibmwebsphere_application_serverMatch6.0.2.8

ibmwebsphere_application_serverMatch6.0.2.9

ibmwebsphere_application_serverMatch6.0.2.10

ibmwebsphere_application_serverMatch6.0.2.11

ibmwebsphere_application_serverMatch6.0.2.12

ibmwebsphere_application_serverMatch6.0.2.13

ibmwebsphere_application_serverMatch6.0.2.14

ibmwebsphere_application_serverMatch6.0.2.15

ibmwebsphere_application_serverMatch6.0.2.16

ibmwebsphere_application_serverMatch6.0.2.17

ibmwebsphere_application_serverMatch6.0.2.18

ibmwebsphere_application_serverMatch6.0.2.19

ibmwebsphere_application_serverMatch6.0.2.20

ibmwebsphere_application_serverMatch6.0.2.21

ibmwebsphere_application_serverMatch6.0.2.22

ibmwebsphere_application_serverMatch6.0.2.23

ibmwebsphere_application_serverMatch6.0.2.24

ibmwebsphere_application_serverMatch6.0.2.25

ibmwebsphere_application_serverMatch6.0.2.27

ibmwebsphere_application_serverMatch6.0.2.28

ibmwebsphere_application_serverMatch6.0.2.29

ibmwebsphere_application_serverMatch6.0.2.30

ibmwebsphere_application_serverMatch6.0.2.31

ibmwebsphere_application_serverMatch6.0.2.32

ibmwebsphere_application_serverMatch6.0.2.33

ibmwebsphere_application_serverMatch6.0.2.35

ibmwebsphere_application_serverMatch6.0.2.37

ibmwebsphere_application_serverMatch6.0.2.39

Node

ibmwebsphere_application_serverMatch6.1

ibmwebsphere_application_serverMatch6.1.0

ibmwebsphere_application_serverMatch6.1.0.0

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.3

ibmwebsphere_application_serverMatch6.1.0.5

ibmwebsphere_application_serverMatch6.1.0.7

ibmwebsphere_application_serverMatch6.1.0.9

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.13

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.17

ibmwebsphere_application_serverMatch6.1.0.19

ibmwebsphere_application_serverMatch6.1.0.21

ibmwebsphere_application_serverMatch6.1.0.23

ibmwebsphere_application_serverMatch6.1.0.25

ibmwebsphere_application_serverMatch6.1.0.27

ibmwebsphere_application_serverMatch6.1.0.29

Node

ibmwebsphere_application_serverMatch7.0

ibmwebsphere_application_serverMatch7.0.0.1

ibmwebsphere_application_serverMatch7.0.0.3

ibmwebsphere_application_serverMatch7.0.0.5

ibmwebsphere_application_serverMatch7.0.0.7

ibmwebsphere_application_serverMatch7.0.0.9

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq6.0
ibm:websphere_application_serveribm websphere application servereq6.0.0.1
ibm:websphere_application_serveribm websphere application servereq6.0.0.2
ibm:websphere_application_serveribm websphere application servereq6.0.0.3
ibm:websphere_application_serveribm websphere application servereq6.0.1
ibm:websphere_application_serveribm websphere application servereq6.0.1.1
ibm:websphere_application_serveribm websphere application servereq6.0.1.2
ibm:websphere_application_serveribm websphere application servereq6.0.1.3
ibm:websphere_application_serveribm websphere application servereq6.0.1.5
ibm:websphere_application_serveribm websphere application servereq6.0.1.7

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	6.0
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.0.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.1
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.2
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.3
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.5
ibm:websphere_application_server	ibm websphere application server	eq	6.0.1.7