Описание
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-2743
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53343
- http://secunia.com/advisories/37796
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- http://www-01.ibm.com/support/docview.wss?uid=swg27014463
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK86137
- http://www.vupen.com/english/advisories/2009/2721
EPSS
CVE ID
Связанные уязвимости
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.
EPSS