Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3498Sensitive Information Exposure in IBM Websphere Application Server

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
52.0%
top 2.08%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
IBM Websphere Application Server
Timeline
PublishedNov 4
Latest updateMay 1

Description

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDibm/websphere_application_server5.0.05.02.15+2

🔴Vulnerability Details

2
GHSA
GHSA-vgq5-w284-7ccg: IBM WebSphere Application Server 52022-05-01
CVEList
CVE-2005-3498: IBM WebSphere Application Server 52005-11-04

💥Exploits & PoCs

1
Metasploit
HTTP Options Detection
CVE-2005-3498 — Sensitive Information Exposure in IBM | cvebase