CVE-2010-0777 Information

Description

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43 6.1 before 6.1.0.31 and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses which allows remote attackers to obtain sensitive information by reading the retrieved file.

Reference

http://secunia.com/advisories/39838 http://www.securityfocus.com/bid/40277 http://www.vupen.com/english/advisories/2010/1200 http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111 http://www-01.ibm.com/support/docview.wss?uid=swg27007951 https://exchange.xforce.ibmcloud.com/vulnerabilities/58557