CVE-2006-4137
published 2006-08-14CVE-2006-4137: IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2)…
medium5CVSS 3.1
AVNACLAuNCPINAN
IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | websphere_application_server | <= 6.0.2.11 | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
| ibm | websphere_application_server | — | — |
GHSA
GHSA-f8qh-r27m-q974: IBM WebSphere Application Server (WAS) before 6
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2006-4223 [MEDIUM] CWE-200 GHSA-f8qh-r27m-q974: IBM WebSphere Application Server (WAS) before 6
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.
GHSA
GHSA-ph4m-3cp9-772w: IBM WebSphere Application Server before 6
ghsa_unreviewed·2022-05-01
CVE-2006-4137 [MEDIUM] GHSA-ph4m-3cp9-772w: IBM WebSphere Application Server before 6
IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/21440http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951http://www-1.ibm.com/support/search.wss?rs=0&q=PK27547&apar=onlyhttp://www-1.ibm.com/support/search.wss?rs=0&q=PK27857&apar=onlyhttp://www-1.ibm.com/support/search.wss?rs=0&q=PK28408&apar=onlyhttp://www.securityfocus.com/bid/19463http://www.vupen.com/english/advisories/2006/3262http://secunia.com/advisories/21440http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951http://www-1.ibm.com/support/search.wss?rs=0&q=PK27547&apar=onlyhttp://www-1.ibm.com/support/search.wss?rs=0&q=PK27857&apar=onlyhttp://www-1.ibm.com/support/search.wss?rs=0&q=PK28408&apar=onlyhttp://www.securityfocus.com/bid/19463http://www.vupen.com/english/advisories/2006/3262
2006-08-14
Published