CVE-2009-0436 — IBM Websphere Application Server vulnerability

CWE-2649 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 81.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedFeb 10

Latest updateMay 2

Description

The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x before 6.0.2.31 and 6.1.x before 6.1.0.19, as used in WebSphere Application Server (WAS), set incorrect permissions for AF_UNIX sockets, which has unknown impact and local attack vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDibm/websphere_application_server59 versions+58

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-8785-fv4v-qwrx: The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6↗2022-05-02

▶

CVEList

CVE-2009-0436: The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6↗2009-02-10

▶

💬Community

Bugzilla

CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings↗2009-04-17

▶

Bugzilla

CVE-2009-1302 Firefox 3 Layout engine crashes↗2009-04-17

▶

Bugzilla

CVE-2009-1304 Firefox 3 JavaScript engine crashes↗2009-04-17

▶

Bugzilla

CVE-2009-1310 Firefox Malicious search plugins can inject code into arbitrary sites↗2009-04-17

▶