CVE-2011-1359 Information

Description

Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 7.0 before 7.0.0.19 and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

Reference

http://secunia.com/advisories/45749 http://www.ibm.com/support/docview.wss?uid=swg21509257 http://www.osvdb.org/74817 http://www.securityfocus.com/bid/49362 http://www-01.ibm.com/support/docview.wss?uid=swg1PM45322 https://exchange.xforce.ibmcloud.com/vulnerabilities/69473