[email protected]CVE-2012-2162

HistoryMay 01, 2012 - 7:55 p.m.

CVE-2012-2162

2012-05-0119:55:00

CWE-310

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

was

8.0

http

communication

cve-2012-2162

vulnerability

nvd

6.2 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.7%

JSON

The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.

CPENameOperatorVersion
ibm:websphere_application_serveribm websphere application servereq5.0.0
ibm:websphere_application_serveribm websphere application servereq6.1.0.21
ibm:websphere_application_serveribm websphere application servereq6.1.0.31
ibm:websphere_application_serveribm websphere application servereq6.1.7
ibm:websphere_application_serveribm websphere application servereq5.1.0.5
ibm:websphere_application_serveribm websphere application servereq6.1
ibm:websphere_application_serveribm websphere application servereq7.0.0.2
ibm:websphere_application_serveribm websphere application servereq5.0.2.10
ibm:websphere_application_serveribm websphere application servereq5.1.1.14
ibm:websphere_application_serveribm websphere application servereq5.0.2.5

CPE	Name	Operator	Version
ibm:websphere_application_server	ibm websphere application server	eq	5.0.0
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.21
ibm:websphere_application_server	ibm websphere application server	eq	6.1.0.31
ibm:websphere_application_server	ibm websphere application server	eq	6.1.7
ibm:websphere_application_server	ibm websphere application server	eq	5.1.0.5
ibm:websphere_application_server	ibm websphere application server	eq	6.1
ibm:websphere_application_server	ibm websphere application server	eq	7.0.0.2
ibm:websphere_application_server	ibm websphere application server	eq	5.0.2.10
ibm:websphere_application_server	ibm websphere application server	eq	5.1.1.14
ibm:websphere_application_server	ibm websphere application server	eq	5.0.2.5

Rows per page:

1-10 of 1351

References

www-01.ibm.com/support/docview.wss?uid=swg21588312

www-01.ibm.com/support/docview.wss?uid=swg21591172

exchange.xforce.ibmcloud.com/vulnerabilities/74900

6.2 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.7%

JSON

Related for CVE-2012-2162

cvelist1 openvas2 prion1