Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2005-1112

Опубликовано: 02 мая 2005
Источник: nvd
CVSS2: 5
EPSS Средний

Описание

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_application_server:5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:5.1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%
0.12153
Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-c7g9-qv7w-xrwq

github
почти 4 года назад

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.

EPSS

Процентиль: 94%
0.12153
Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other