VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1651
websphere_application_server: IBM WebSphere Application Server (WAS) 6.1.x before...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1651

Original

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-05-03
Source Information Category:
Advisory, Alert
Last Updated:
2010-05-03




Affected Product Tags
cpe:/a:ibm:websphere_application_server:6.1
cpe:/a:ibm:websphere_application_server:6.1.0
cpe:/a:ibm:websphere_application_server:6.1.0.0
cpe:/a:ibm:websphere_application_server:6.1.0.1
cpe:/a:ibm:websphere_application_server:6.1.0.10
cpe:/a:ibm:websphere_application_server:6.1.0.11
cpe:/a:ibm:websphere_application_server:6.1.0.12
cpe:/a:ibm:websphere_application_server:6.1.0.13
cpe:/a:ibm:websphere_application_server:6.1.0.14
cpe:/a:ibm:websphere_application_server:6.1.0.15
cpe:/a:ibm:websphere_application_server:6.1.0.16
cpe:/a:ibm:websphere_application_server:6.1.0.17
cpe:/a:ibm:websphere_application_server:6.1.0.18
cpe:/a:ibm:websphere_application_server:6.1.0.19
cpe:/a:ibm:websphere_application_server:6.1.0.2
cpe:/a:ibm:websphere_application_server:6.1.0.20
cpe:/a:ibm:websphere_application_server:6.1.0.21
cpe:/a:ibm:websphere_application_server:6.1.0.22
cpe:/a:ibm:websphere_application_server:6.1.0.23
cpe:/a:ibm:websphere_application_server:6.1.0.24
cpe:/a:ibm:websphere_application_server:6.1.0.25
cpe:/a:ibm:websphere_application_server:6.1.0.26
cpe:/a:ibm:websphere_application_server:6.1.0.27
cpe:/a:ibm:websphere_application_server:6.1.0.29
cpe:/a:ibm:websphere_application_server:6.1.0.3
cpe:/a:ibm:websphere_application_server:6.1.0.4
cpe:/a:ibm:websphere_application_server:6.1.0.5
cpe:/a:ibm:websphere_application_server:6.1.0.6
cpe:/a:ibm:websphere_application_server:6.1.0.7
cpe:/a:ibm:websphere_application_server:6.1.0.8
cpe:/a:ibm:websphere_application_server:6.1.0.9
cpe:/a:ibm:websphere_application_server:6.1.1
cpe:/a:ibm:websphere_application_server:6.1.13
cpe:/a:ibm:websphere_application_server:6.1.14
cpe:/a:ibm:websphere_application_server:6.1.3
cpe:/a:ibm:websphere_application_server:6.1.5
cpe:/a:ibm:websphere_application_server:6.1.6
cpe:/a:ibm:websphere_application_server:6.1.7
cpe:/a:ibm:websphere_application_server:7.0
cpe:/a:ibm:websphere_application_server:7.0.0.1
cpe:/a:ibm:websphere_application_server:7.0.0.3
cpe:/a:ibm:websphere_application_server:7.0.0.5
cpe:/a:ibm:websphere_application_server:7.0.0.7
cpe:/a:ibm:websphere_application_server:7.0.0.9
cpe:/o:ibm:z%2Fos
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

X Local [?]
Adjacent Network [?]
Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
AIXAPAR PM12247




AIXAPAR PM08892




SECUNIA 39628




Vulnerability Type Cryptographic Issues (CWE-310)




Copyright © 2010 JPCERT/CC All Rights Reserved.