IBM : Security Vulnerabilities, CVEs, Published In 2006 (Information Leak) CVSS score >= 4
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
Max CVSS
5.0
EPSS Score
0.93%
Published
2006-12-19
Updated
2011-06-14
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.
Max CVSS
5.0
EPSS Score
0.36%
Published
2006-08-18
Updated
2011-03-07
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.
Max CVSS
7.5
EPSS Score
0.69%
Published
2006-08-14
Updated
2011-03-08
3 vulnerabilities found