CVE-2015-1932 — Sensitive Information Exposure in IBM Websphere Virtual Enterprise

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 40.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Virtual Enterprise IBM Websphere Application Server

Timeline

PublishedAug 22

Latest updateMay 17

Description

IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDibm/websphere_application_server54 versions+53

▶NVDibm/websphere_virtual_enterprise7.0.0.6

🔴Vulnerability Details

GHSA

GHSA-hfh8-g43j-h4v7: IBM WebSphere Application Server 7↗2022-05-17

▶

CVEList

CVE-2015-1932: IBM WebSphere Application Server 7↗2015-08-22

▶