CVE-2009-0508 Information
Description
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0 5.1.1.19 6.0.2 before 6.0.2.35 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf (2) meta-inf and unspecified other directories via unknown vectors related to (a) web-based applications and (b) the administrative console.
Reference
http://secunia.com/advisories/34283 http://secunia.com/advisories/34876 http://www.securityfocus.com/bid/34104 http://www.vupen.com/english/advisories/2009/0704 http://www.vupen.com/english/advisories/2009/1188 http://www.vupen.com/english/advisories/2009/1464 http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456 http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387 http://www-01.ibm.com/support/docview.wss?uid=swg21380233 http://www-01.ibm.com/support/docview.wss?uid=swg21380376 http://www-01.ibm.com/support/docview.wss?uid=swg27006876 https://exchange.xforce.ibmcloud.com/vulnerabilities/49085
Share on: