Design/Logic Flaw

2010-05-1722:30:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.6%

JSON

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.

CPENameOperatorVersion
websphere_application_servereq6.0.2.10
websphere_application_servereq6.0.2.1
websphere_application_servereq6.0.2.5
websphere_application_servereq6.0.0.3
websphere_application_servereq6.0.1.15
websphere_application_servereq6.0.1.3
websphere_application_servereq6.0.2.20
websphere_application_servereq6.0.2.13
websphere_application_servereq6.0.2.9
websphere_application_servereq6.0.1.11

Name	Operator	Version
websphere_application_server	eq	6.0.2.10
websphere_application_server	eq	6.0.2.1
websphere_application_server	eq	6.0.2.5
websphere_application_server	eq	6.0.0.3
websphere_application_server	eq	6.0.1.15
websphere_application_server	eq	6.0.1.3
websphere_application_server	eq	6.0.2.20
websphere_application_server	eq	6.0.2.13
websphere_application_server	eq	6.0.2.9
websphere_application_server	eq	6.0.1.11