Back to search
CVE-2006-4223
Published: Aug 18, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2006-3281
vdb-entry
x_refsource_VUPEN
ADV-2007-0970
vdb-entry
x_refsource_VUPEN
24478
third-party-advisory
x_refsource_SECUNIA
http://www-1.ibm.com/support/docview.wss?uid=swg21243541
x_refsource_CONFIRM
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213
x_refsource_CONFIRM
21487
third-party-advisory
x_refsource_SECUNIA
22991
vdb-entry
x_refsource_BID
PK23475
vendor-advisory
x_refsource_AIXAPAR
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now