VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-0777
websphere_application_server: The Web Container in IBM WebSphere Application Serv...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0777

Original

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-05-17
Source Information Category:
Advisory, Alert
Last Updated:
2010-05-18




Affected Product Tags
cpe:/a:ibm:websphere_application_server:6.0
cpe:/a:ibm:websphere_application_server:6.0.0.1
cpe:/a:ibm:websphere_application_server:6.0.0.2
cpe:/a:ibm:websphere_application_server:6.0.0.3
cpe:/a:ibm:websphere_application_server:6.0.1
cpe:/a:ibm:websphere_application_server:6.0.1.1
cpe:/a:ibm:websphere_application_server:6.0.1.11
cpe:/a:ibm:websphere_application_server:6.0.1.13
cpe:/a:ibm:websphere_application_server:6.0.1.15
cpe:/a:ibm:websphere_application_server:6.0.1.17
cpe:/a:ibm:websphere_application_server:6.0.1.2
cpe:/a:ibm:websphere_application_server:6.0.1.3
cpe:/a:ibm:websphere_application_server:6.0.1.5
cpe:/a:ibm:websphere_application_server:6.0.1.7
cpe:/a:ibm:websphere_application_server:6.0.1.9
cpe:/a:ibm:websphere_application_server:6.0.2
cpe:/a:ibm:websphere_application_server:6.0.2.1
cpe:/a:ibm:websphere_application_server:6.0.2.10
cpe:/a:ibm:websphere_application_server:6.0.2.11
cpe:/a:ibm:websphere_application_server:6.0.2.12
cpe:/a:ibm:websphere_application_server:6.0.2.13
cpe:/a:ibm:websphere_application_server:6.0.2.14
cpe:/a:ibm:websphere_application_server:6.0.2.15
cpe:/a:ibm:websphere_application_server:6.0.2.16
cpe:/a:ibm:websphere_application_server:6.0.2.17
cpe:/a:ibm:websphere_application_server:6.0.2.18
cpe:/a:ibm:websphere_application_server:6.0.2.19
cpe:/a:ibm:websphere_application_server:6.0.2.2
cpe:/a:ibm:websphere_application_server:6.0.2.20
cpe:/a:ibm:websphere_application_server:6.0.2.21
cpe:/a:ibm:websphere_application_server:6.0.2.22
cpe:/a:ibm:websphere_application_server:6.0.2.23
cpe:/a:ibm:websphere_application_server:6.0.2.24
cpe:/a:ibm:websphere_application_server:6.0.2.25
cpe:/a:ibm:websphere_application_server:6.0.2.27
cpe:/a:ibm:websphere_application_server:6.0.2.28
cpe:/a:ibm:websphere_application_server:6.0.2.29
cpe:/a:ibm:websphere_application_server:6.0.2.3
cpe:/a:ibm:websphere_application_server:6.0.2.30
cpe:/a:ibm:websphere_application_server:6.0.2.31
cpe:/a:ibm:websphere_application_server:6.0.2.32
cpe:/a:ibm:websphere_application_server:6.0.2.33
cpe:/a:ibm:websphere_application_server:6.0.2.35
cpe:/a:ibm:websphere_application_server:6.0.2.37
cpe:/a:ibm:websphere_application_server:6.0.2.39
cpe:/a:ibm:websphere_application_server:6.0.2.4
cpe:/a:ibm:websphere_application_server:6.0.2.5
cpe:/a:ibm:websphere_application_server:6.0.2.6
cpe:/a:ibm:websphere_application_server:6.0.2.7
cpe:/a:ibm:websphere_application_server:6.0.2.8
cpe:/a:ibm:websphere_application_server:6.0.2.9
cpe:/a:ibm:websphere_application_server:6.1
cpe:/a:ibm:websphere_application_server:6.1.0
cpe:/a:ibm:websphere_application_server:6.1.0.0
cpe:/a:ibm:websphere_application_server:6.1.0.1
cpe:/a:ibm:websphere_application_server:6.1.0.11
cpe:/a:ibm:websphere_application_server:6.1.0.13
cpe:/a:ibm:websphere_application_server:6.1.0.15
cpe:/a:ibm:websphere_application_server:6.1.0.17
cpe:/a:ibm:websphere_application_server:6.1.0.19
cpe:/a:ibm:websphere_application_server:6.1.0.2
cpe:/a:ibm:websphere_application_server:6.1.0.21
cpe:/a:ibm:websphere_application_server:6.1.0.23
cpe:/a:ibm:websphere_application_server:6.1.0.25
cpe:/a:ibm:websphere_application_server:6.1.0.27
cpe:/a:ibm:websphere_application_server:6.1.0.29
cpe:/a:ibm:websphere_application_server:6.1.0.3
cpe:/a:ibm:websphere_application_server:6.1.0.5
cpe:/a:ibm:websphere_application_server:6.1.0.7
cpe:/a:ibm:websphere_application_server:6.1.0.9
cpe:/a:ibm:websphere_application_server:7.0
cpe:/a:ibm:websphere_application_server:7.0.0.1
cpe:/a:ibm:websphere_application_server:7.0.0.3
cpe:/a:ibm:websphere_application_server:7.0.0.5
cpe:/a:ibm:websphere_application_server:7.0.0.7
cpe:/a:ibm:websphere_application_server:7.0.0.9
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

X High [?]
Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
Vulnerability Type Input Validation (CWE-20)




XF was-webcontainer-info-disclosure(58557)




Copyright © 2010 JPCERT/CC All Rights Reserved.