Back to search
CVE-2009-0508
Published: Mar 16, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
34876
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456
x_refsource_CONFIRM
34283
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21380233
x_refsource_CONFIRM
ADV-2009-1188
vdb-entry
x_refsource_VUPEN
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
x_refsource_CONFIRM
PK81387
vendor-advisory
x_refsource_AIXAPAR
ADV-2009-1464
vdb-entry
x_refsource_VUPEN
34104
vdb-entry
x_refsource_BID
ADV-2009-0704
vdb-entry
x_refsource_VUPEN
websphere-web-app-information-disclosure(49085)
vdb-entry
x_refsource_XF
http://www-01.ibm.com/support/docview.wss?uid=swg21380376
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now