CVE-2010-1651 Information

Description

IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log.

Reference

http://secunia.com/advisories/39628
http://secunia.com/advisories/40096
http://www.osvdb.org/65437
http://www.vupen.com/english/advisories/2010/1411
http://www-01.ibm.com/support/docview.wss?uid=swg1PM08892
http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247
http://www-01.ibm.com/support/docview.wss?uid=swg1PM15829
https://exchange.xforce.ibmcloud.com/vulnerabilities/58324
