CVE-2006-7164

Опубликовано: 20 мар. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.

Ссылки

http://www-1.ibm.com/support/docview.wss?uid=swg24013029
Patch
Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24013029
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:ia32_64-bit:*:*:*:*:*

cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:ibm:websphere_application_server:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.14:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:5.0.2.16:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00234

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-whmq-x848-rvj4

github

почти 4 года назад