Описание
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-0777
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58557
- http://secunia.com/advisories/39838
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- http://www.securityfocus.com/bid/40277
- http://www.vupen.com/english/advisories/2010/1200
Связанные уязвимости
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.