CVE-2009-2743 Information

Description

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 and 7.0 before 7.0.0.7 does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file.

Reference

http://secunia.com/advisories/37796 http://www.vupen.com/english/advisories/2009/2721 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 http://www-01.ibm.com/support/docview.wss?uid=swg27014463 http://www-1.ibm.com/support/docview.wss?uid=swg1PK86137 https://exchange.xforce.ibmcloud.com/vulnerabilities/53343