Design/Logic Flaw

2018-10-1211:29:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

81.0%

JSON

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system. IBM X-Force ID: 148686.

CPENameOperatorVersion
websphere_application_serverge8.0.0.0
websphere_application_serverle8.0.0.15
websphere_application_serverge7.0.0.0
websphere_application_serverle7.0.0.45
websphere_application_serverge8.5.0.0
websphere_application_serverle8.5.5.14
websphere_application_serverge9.0.0.0
websphere_application_serverle9.0.0.9

Name	Operator	Version
websphere_application_server	ge	8.0.0.0
websphere_application_server	le	8.0.0.15
websphere_application_server	ge	7.0.0.0
websphere_application_server	le	7.0.0.45
websphere_application_server	ge	8.5.0.0
websphere_application_server	le	8.5.5.14
websphere_application_server	ge	9.0.0.0
websphere_application_server	le	9.0.0.9