CVE-2005-3498 Information

Description

IBM WebSphere Application Server 5.0.x before 5.02.15 5.1.x before 5.1.1.8 and 6.x before fixpack V6.0.2.5 when session trace is enabled records a full URL including the queryString in the trace logs when an application encodes a URL which could allow attackers to obtain sensitive information.

Reference

http://securitytracker.com/id?1015134 http://www.securityfocus.com/bid/15303 http://www.vupen.com/english/advisories/2005/2291 http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980 http://www-1.ibm.com/support/docview.wss?uid=swg24010781