CVE-2005-4833

2007-03-2010:00:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via “a specific JSP URL,” related to lack of normalization of the URL format.

References

osvdb.org/34177

secunia.com/advisories/24478

www-1.ibm.com/support/docview.wss?uid=swg21243541

www-1.ibm.com/support/docview.wss?uid=swg24008815

www.securityfocus.com/bid/22991

www.vupen.com/english/advisories/2007/0970