Lucene search
HistoryMay 02, 2005 - 4:00 a.m.
CVE-2005-1112
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0.024
Percentile
89.9%
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.
Affected configurations
Node
ibmwebsphere_application_serverMatch5.0
ORibmwebsphere_application_serverMatch5.0.1
ORibmwebsphere_application_serverMatch5.0.2
ORibmwebsphere_application_serverMatch5.0.2.1
ORibmwebsphere_application_serverMatch5.0.2.3
ORibmwebsphere_application_serverMatch5.0.2.4
ORibmwebsphere_application_serverMatch5.0.2.5
ORibmwebsphere_application_serverMatch5.0.2.6
ORibmwebsphere_application_serverMatch5.0.2.7
ORibmwebsphere_application_serverMatch5.0.2.8
ORibmwebsphere_application_serverMatch5.0.2.9
ORibmwebsphere_application_serverMatch5.1.0
ORibmwebsphere_application_serverMatch5.1.0.2
ORibmwebsphere_application_serverMatch5.1.0.4
ORibmwebsphere_application_serverMatch5.1.0.5
ORibmwebsphere_application_serverMatch5.1.1
ORibmwebsphere_application_serverMatch5.1.1.1
ORibmwebsphere_application_serverMatch5.1.1.2
ORibmwebsphere_application_serverMatch5.1.1.3
ORibmwebsphere_application_serverMatch6.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | 5.0 | cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.1 | cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2 | cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.1 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.3 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.4 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.5 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.6 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.7 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 5.0.2.8 | cpe:2.3:a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:* |
Related
nessus
nessus
IBM WebSphere Application Server Malformed Host Header JSP Source Disclosure
2005-04-14 00:00:00
cve
cve
CVE-2005-1112
2005-05-02 04:00:00
cvelist
cvelist
CVE-2005-1112
2005-04-16 04:00:00
exploitdb
exploitdb
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0.024
Percentile
89.9%
Related for NVD:CVE-2005-1112