CVE-2016-0385

Опубликовано: 01 сент. 2016

Источник: nvd

CVSS3: 3.1

CVSS2: 3.5

EPSS Низкий

Описание

Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.10, 9.0 before 9.0.0.1, and Liberty before 16.0.0.3, when HttpSessionIdReuse is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.

Ссылки

http://www-01.ibm.com/support/docview.wss?uid=swg1PI60026
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21982588
Mitigation
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92505
http://www.securitytracker.com/id/1036654
http://www-01.ibm.com/support/docview.wss?uid=swg1PI60026
Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21982588
Mitigation
Patch
Vendor Advisory
http://www.securityfocus.com/bid/92505
http://www.securitytracker.com/id/1036654

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.15:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.21:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.22:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.23:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.24:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.25:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.27:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.28:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.29:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.31:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.32:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.33:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.34:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.35:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.36:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.37:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.38:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.39:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:7.0.0.41:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.0.0:-:liberty_profile:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.0.1:-:liberty_profile:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.0.2:-:liberty_profile:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:-:liberty_profile:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:8.5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00247

Низкий

3.1 Low

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-5q4j-2mw9-cf2p