CVE-2005-4833

Опубликовано: 31 дек. 2005

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.

Ссылки

http://osvdb.org/34177
http://secunia.com/advisories/24478
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24008815
Patch
Vendor Advisory
http://www.securityfocus.com/bid/22991
http://www.vupen.com/english/advisories/2007/0970
http://osvdb.org/34177
http://secunia.com/advisories/24478
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24008815
Patch
Vendor Advisory
http://www.securityfocus.com/bid/22991
http://www.vupen.com/english/advisories/2007/0970

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00495

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-3jf2-2rp2-p843

github

почти 4 года назад