CVE-2001-0446 — Path Equivalence: 'filename/' (Trailing Slash) in IBM Websphere Commerce Suite

CWE-49 — Path Equivalence: 'filename/' (Trailing Slash)CWE-41 — Improper Resolution of Path Equivalence CWE-162 — Improper Neutralization of Trailing Special Elements6 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Commerce Suite

Timeline

PublishedJun 18

Latest updateApr 30

Description

IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_commerce_suite4.0.1

🔴Vulnerability Details

GHSA

GHSA-3hgh-j2c9-7c7j: IBM WCS (WebSphere Commerce Suite) 4↗2022-04-30

▶

CVEList

CVE-2001-0446: IBM WCS (WebSphere Commerce Suite) 4↗2001-05-24

▶

📐Framework References

CWE

Path Equivalence: 'filename/' (Trailing Slash)↗

▶

CWE

Improper Resolution of Path Equivalence↗

▶

CWE

Improper Neutralization of Trailing Special Elements↗

▶