CVE-2010-0777Improper Input Validation in IBM Websphere Application Server

CWE-20Improper Input Validation3 documents3 sources
Severity
2.6LOWNVD
EPSS
0.5%
top 32.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere Application Server
Timeline
PublishedMay 17
Latest updateMay 2

Description

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-6g82-28j6-wwx5: The Web Container in IBM WebSphere Application Server (WAS) 62022-05-02
CVEList
CVE-2010-0777: The Web Container in IBM WebSphere Application Server (WAS) 62010-05-17
CVE-2010-0777 — Improper Input Validation in IBM | cvebase