CVE-2009-0508 — Sensitive Information Exposure in IBM Websphere Application Server

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedMar 16

Latest updateMay 2

Description

The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/websphere_application_server34 versions+33

Patches

Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗Patch: www-01.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-953q-pp3w-6gv5: The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5↗2022-05-02

▶

CVEList

CVE-2009-0508: The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5↗2009-03-16

▶