Lucene search

PRIOn knowledge basePRION:CVE-2009-0508

HistoryMar 16, 2009 - 7:30 p.m.

Code injection

2009-03-1619:30:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.9%

JSON

The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.

CPENameOperatorVersion
websphere_application_servereq6.1.0.21
websphere_application_servereq6.1
websphere_application_servereq6.1.0.19
websphere_application_servereq6.0.2.1
websphere_application_servereq6.0.2.5
websphere_application_servereq6.1.0.2
websphere_application_servereq5.1.0
websphere_application_servereq6.1.0.11
websphere_application_servereq6.0.2.9
websphere_application_servereq7.0

Name	Operator	Version
websphere_application_server	eq	6.1.0.21
websphere_application_server	eq	6.1
websphere_application_server	eq	6.1.0.19
websphere_application_server	eq	6.0.2.1
websphere_application_server	eq	6.0.2.5
websphere_application_server	eq	6.1.0.2
websphere_application_server	eq	5.1.0
websphere_application_server	eq	6.1.0.11
websphere_application_server	eq	6.0.2.9
websphere_application_server	eq	7.0

Rows per page:

1-10 of 341

References

secunia.com/advisories/34283

secunia.com/advisories/34876

www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456

www-01.ibm.com/support/docview.wss?uid=swg1PK81387

www-01.ibm.com/support/docview.wss?uid=swg21380233

www-01.ibm.com/support/docview.wss?uid=swg21380376

www-01.ibm.com/support/docview.wss?uid=swg27006876

www.securityfocus.com/bid/34104

www.vupen.com/english/advisories/2009/0704

www.vupen.com/english/advisories/2009/1188

www.vupen.com/english/advisories/2009/1464

exchange.xforce.ibmcloud.com/vulnerabilities/49085