CVE-2005-4833 — IBM Websphere Application Server vulnerability

3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 30.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedDec 31

Latest updateMay 1

Description

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/websphere_application_server6.0

Patches

Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗Patch: www-1.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-3jf2-2rp2-p843: IBM WebSphere Application Server (WAS) 6↗2022-05-01

▶

CVEList

CVE-2005-4833: IBM WebSphere Application Server (WAS) 6↗2007-03-20

▶