Lucene search
HistoryMar 08, 2011 - 9:59 p.m.
CVE-2011-1307
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
25.0%
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than CVE-2009-1173.
Affected configurations
Node
ibmwebsphere_application_serverRange≤7.0.0.13
ORibmwebsphere_application_serverMatch2.0
ORibmwebsphere_application_serverMatch3.0
ORibmwebsphere_application_serverMatch3.0.2
ORibmwebsphere_application_serverMatch3.0.2.1
ORibmwebsphere_application_serverMatch3.0.2.2
ORibmwebsphere_application_serverMatch3.0.2.3
ORibmwebsphere_application_serverMatch3.0.2.4
ORibmwebsphere_application_serverMatch3.0.21
ORibmwebsphere_application_serverMatch3.5
ORibmwebsphere_application_serverMatch3.5.1
ORibmwebsphere_application_serverMatch3.5.2
ORibmwebsphere_application_serverMatch3.5.3
ORibmwebsphere_application_serverMatch3.52
ORibmwebsphere_application_serverMatch4.0.1
ORibmwebsphere_application_serverMatch4.0.2
ORibmwebsphere_application_serverMatch4.0.3
ORibmwebsphere_application_serverMatch4.0.4
ORibmwebsphere_application_serverMatch5.0
ORibmwebsphere_application_serverMatch5.0.0
ORibmwebsphere_application_serverMatch5.0.1
ORibmwebsphere_application_serverMatch5.0.2
ORibmwebsphere_application_serverMatch5.0.2.1
ORibmwebsphere_application_serverMatch5.0.2.2
ORibmwebsphere_application_serverMatch5.0.2.3
ORibmwebsphere_application_serverMatch5.0.2.4
ORibmwebsphere_application_serverMatch5.0.2.5
ORibmwebsphere_application_serverMatch5.0.2.6
ORibmwebsphere_application_serverMatch5.0.2.7
ORibmwebsphere_application_serverMatch5.0.2.8
ORibmwebsphere_application_serverMatch5.0.2.9
ORibmwebsphere_application_serverMatch5.0.2.10
ORibmwebsphere_application_serverMatch5.0.2.11
ORibmwebsphere_application_serverMatch5.0.2.12
ORibmwebsphere_application_serverMatch5.0.2.13
ORibmwebsphere_application_serverMatch5.0.2.14
ORibmwebsphere_application_serverMatch5.0.2.15
ORibmwebsphere_application_serverMatch5.0.2.16
ORibmwebsphere_application_serverMatch5.1.0
ORibmwebsphere_application_serverMatch5.1.0.2
ORibmwebsphere_application_serverMatch5.1.0.3
ORibmwebsphere_application_serverMatch5.1.0.4
ORibmwebsphere_application_serverMatch5.1.0.5
ORibmwebsphere_application_serverMatch5.1.1
ORibmwebsphere_application_serverMatch5.1.1.1
ORibmwebsphere_application_serverMatch5.1.1.2
ORibmwebsphere_application_serverMatch5.1.1.3
ORibmwebsphere_application_serverMatch5.1.1.4
ORibmwebsphere_application_serverMatch5.1.1.5
ORibmwebsphere_application_serverMatch5.1.1.6
ORibmwebsphere_application_serverMatch5.1.1.7
ORibmwebsphere_application_serverMatch5.1.1.8
ORibmwebsphere_application_serverMatch5.1.1.9
ORibmwebsphere_application_serverMatch5.1.1.10
ORibmwebsphere_application_serverMatch5.1.1.11
ORibmwebsphere_application_serverMatch5.1.1.12
ORibmwebsphere_application_serverMatch5.1.1.13
ORibmwebsphere_application_serverMatch5.1.1.14
ORibmwebsphere_application_serverMatch5.1.1.15
ORibmwebsphere_application_serverMatch5.1.1.16
ORibmwebsphere_application_serverMatch5.1.1.17
ORibmwebsphere_application_serverMatch6.0
ORibmwebsphere_application_serverMatch6.0.0.1
ORibmwebsphere_application_serverMatch6.0.0.2
ORibmwebsphere_application_serverMatch6.0.0.3
ORibmwebsphere_application_serverMatch6.0.1
ORibmwebsphere_application_serverMatch6.0.1.1
ORibmwebsphere_application_serverMatch6.0.1.2
ORibmwebsphere_application_serverMatch6.0.1.3
ORibmwebsphere_application_serverMatch6.0.1.5
ORibmwebsphere_application_serverMatch6.0.1.7
ORibmwebsphere_application_serverMatch6.0.1.9
ORibmwebsphere_application_serverMatch6.0.1.11
ORibmwebsphere_application_serverMatch6.0.1.13
ORibmwebsphere_application_serverMatch6.0.1.15
ORibmwebsphere_application_serverMatch6.0.1.17
ORibmwebsphere_application_serverMatch6.0.2
ORibmwebsphere_application_serverMatch6.0.2.1
ORibmwebsphere_application_serverMatch6.0.2.2
ORibmwebsphere_application_serverMatch6.0.2.3
ORibmwebsphere_application_serverMatch6.0.2.4
ORibmwebsphere_application_serverMatch6.0.2.5
ORibmwebsphere_application_serverMatch6.0.2.6
ORibmwebsphere_application_serverMatch6.0.2.7
ORibmwebsphere_application_serverMatch6.0.2.9
ORibmwebsphere_application_serverMatch6.0.2.11
ORibmwebsphere_application_serverMatch6.0.2.13
ORibmwebsphere_application_serverMatch6.0.2.15
ORibmwebsphere_application_serverMatch6.0.2.17
ORibmwebsphere_application_serverMatch6.0.2.19
ORibmwebsphere_application_serverMatch6.0.2.22
ORibmwebsphere_application_serverMatch6.0.2.23
ORibmwebsphere_application_serverMatch6.0.2.24
ORibmwebsphere_application_serverMatch6.0.2.25
ORibmwebsphere_application_serverMatch6.0.2.27
ORibmwebsphere_application_serverMatch6.0.2.28
ORibmwebsphere_application_serverMatch6.0.2.29
ORibmwebsphere_application_serverMatch6.0.2.30
ORibmwebsphere_application_serverMatch6.0.2.31
ORibmwebsphere_application_serverMatch6.0.2.32
ORibmwebsphere_application_serverMatch6.1
ORibmwebsphere_application_serverMatch6.1.0
ORibmwebsphere_application_serverMatch6.1.0.0
ORibmwebsphere_application_serverMatch6.1.0.1
ORibmwebsphere_application_serverMatch6.1.0.2
ORibmwebsphere_application_serverMatch6.1.0.3
ORibmwebsphere_application_serverMatch6.1.0.5
ORibmwebsphere_application_serverMatch6.1.0.7
ORibmwebsphere_application_serverMatch6.1.0.9
ORibmwebsphere_application_serverMatch6.1.0.11
ORibmwebsphere_application_serverMatch6.1.0.12
ORibmwebsphere_application_serverMatch6.1.0.15
ORibmwebsphere_application_serverMatch6.1.0.17
ORibmwebsphere_application_serverMatch6.1.0.19
ORibmwebsphere_application_serverMatch6.1.0.21
ORibmwebsphere_application_serverMatch6.1.0.23
ORibmwebsphere_application_serverMatch6.1.0.25
ORibmwebsphere_application_serverMatch6.1.0.27
ORibmwebsphere_application_serverMatch6.1.0.29
ORibmwebsphere_application_serverMatch6.1.0.31
ORibmwebsphere_application_serverMatch6.1.0.33
ORibmwebsphere_application_serverMatch6.1.1
ORibmwebsphere_application_serverMatch6.1.3
ORibmwebsphere_application_serverMatch6.1.5
ORibmwebsphere_application_serverMatch6.1.6
ORibmwebsphere_application_serverMatch6.1.7
ORibmwebsphere_application_serverMatch6.1.13
ORibmwebsphere_application_serverMatch6.1.14
ORibmwebsphere_application_serverMatch7.0
ORibmwebsphere_application_serverMatch7.0.0.1
ORibmwebsphere_application_serverMatch7.0.0.2
ORibmwebsphere_application_serverMatch7.0.0.3
ORibmwebsphere_application_serverMatch7.0.0.4
ORibmwebsphere_application_serverMatch7.0.0.5
ORibmwebsphere_application_serverMatch7.0.0.6
ORibmwebsphere_application_serverMatch7.0.0.7
ORibmwebsphere_application_serverMatch7.0.0.8
ORibmwebsphere_application_serverMatch7.0.0.9
ORibmwebsphere_application_serverMatch7.0.0.11
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | * | cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 2.0 | cpe:2.3:a:ibm:websphere_application_server:2.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0 | cpe:2.3:a:ibm:websphere_application_server:3.0:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2 | cpe:2.3:a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2.1 | cpe:2.3:a:ibm:websphere_application_server:3.0.2.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2.2 | cpe:2.3:a:ibm:websphere_application_server:3.0.2.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2.3 | cpe:2.3:a:ibm:websphere_application_server:3.0.2.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.2.4 | cpe:2.3:a:ibm:websphere_application_server:3.0.2.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.0.21 | cpe:2.3:a:ibm:websphere_application_server:3.0.21:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 3.5 | cpe:2.3:a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2011-03-08 21:59:00
Code injection
2009-03-31 14:09:00
cvelist
cvelist
CVE-2011-1307
2011-03-08 21:00:00
CVE-2009-1173
2009-03-31 10:00:00
cve
cve
CVE-2011-1307
2011-03-08 21:59:34
CVE-2009-1173
2009-03-31 14:09:53
nvd
nvd
CVE-2009-1173
2009-03-31 14:09:53
nessus
nessus
IBM WebSphere Application Server 7.0 < Fix Pack 3
2009-04-10 00:00:00
IBM WebSphere Application Server 7.0 < Fix Pack 15 Multiple Vulnerabilities
2011-03-10 00:00:00
openvas
openvas
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - March 2011
2011-03-22 00:00:00
IBM WebSphere Application Server (WAS) Multiple Vulnerabilities (Mar 2011)
2011-03-22 00:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
25.0%
Related for NVD:CVE-2011-1307