Lucene search

MitreCVE-2010-1651

HistoryMay 03, 2010 - 1:51 p.m.

CVE-2010-1651

2010-05-0313:51:52

CWE-310

mitre

web.nvd.nist.gov

ibm

websphere

application server

was

sip

basic authentication

trace logging

cve-2010-1651

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

Percentile

5.1%

JSON

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.

Affected configurations

Nvd

Node

ibmwebsphere_application_serverMatch6.1

ibmwebsphere_application_serverMatch6.1.0

ibmwebsphere_application_serverMatch6.1.0.0

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.3

ibmwebsphere_application_serverMatch6.1.0.4

ibmwebsphere_application_serverMatch6.1.0.5

ibmwebsphere_application_serverMatch6.1.0.6

ibmwebsphere_application_serverMatch6.1.0.7

ibmwebsphere_application_serverMatch6.1.0.8

ibmwebsphere_application_serverMatch6.1.0.9

ibmwebsphere_application_serverMatch6.1.0.10

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.12

ibmwebsphere_application_serverMatch6.1.0.13

ibmwebsphere_application_serverMatch6.1.0.14

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.16

ibmwebsphere_application_serverMatch6.1.0.17

ibmwebsphere_application_serverMatch6.1.0.18

ibmwebsphere_application_serverMatch6.1.0.19

ibmwebsphere_application_serverMatch6.1.0.20

ibmwebsphere_application_serverMatch6.1.0.21

ibmwebsphere_application_serverMatch6.1.0.22

ibmwebsphere_application_serverMatch6.1.0.23

ibmwebsphere_application_serverMatch6.1.0.24

ibmwebsphere_application_serverMatch6.1.0.25

ibmwebsphere_application_serverMatch6.1.0.26

ibmwebsphere_application_serverMatch6.1.0.27

ibmwebsphere_application_serverMatch6.1.0.29

ibmwebsphere_application_serverMatch6.1.1

ibmwebsphere_application_serverMatch6.1.3

ibmwebsphere_application_serverMatch6.1.5

ibmwebsphere_application_serverMatch6.1.6

ibmwebsphere_application_serverMatch6.1.7

ibmwebsphere_application_serverMatch6.1.13

ibmwebsphere_application_serverMatch6.1.14

AND

ibmz\/os

Node

ibmwebsphere_application_serverMatch7.0

ibmwebsphere_application_serverMatch7.0.0.1

ibmwebsphere_application_serverMatch7.0.0.3

ibmwebsphere_application_serverMatch7.0.0.5

ibmwebsphere_application_serverMatch7.0.0.7

ibmwebsphere_application_serverMatch7.0.0.9

AND

ibmz\/os

VendorProductVersionCPE
ibmwebsphere_application_server6.1cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0cpe:2.3:a:ibm:websphere_application_server:6.1.0:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.0cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.1cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.2cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.3cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.4cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.5cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.6cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.7cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_application_server	6.1	cpe:2.3:a:ibm:websphere_application_server:6.1:::::::*
ibm	websphere_application_server	6.1.0	cpe:2.3:a:ibm:websphere_application_server:6.1.0:::::::*
ibm	websphere_application_server	6.1.0.0	cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:::::::*
ibm	websphere_application_server	6.1.0.1	cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:::::::*
ibm	websphere_application_server	6.1.0.2	cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:::::::*
ibm	websphere_application_server	6.1.0.3	cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:::::::*
ibm	websphere_application_server	6.1.0.4	cpe:2.3:a:ibm:websphere_application_server:6.1.0.4:::::::*
ibm	websphere_application_server	6.1.0.5	cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:::::::*
ibm	websphere_application_server	6.1.0.6	cpe:2.3:a:ibm:websphere_application_server:6.1.0.6:::::::*
ibm	websphere_application_server	6.1.0.7	cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:::::::*

Rows per page:

1-10 of 451

References

secunia.com/advisories/39628

secunia.com/advisories/40096

www-01.ibm.com/support/docview.wss?uid=swg1PM08892

www-01.ibm.com/support/docview.wss?uid=swg1PM12247

www-01.ibm.com/support/docview.wss?uid=swg1PM15829

www.osvdb.org/65437

www.vupen.com/english/advisories/2010/1411

exchange.xforce.ibmcloud.com/vulnerabilities/58324

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2010-1651