Lucene search

MitreCVE-2005-4833

HistoryMar 20, 2007 - 10:00 a.m.

CVE-2005-4833

2007-03-2010:00:00

mitre

web.nvd.nist.gov

ibm

websphere

application server

was

6.0

jsp

source code exposure

vulnerability

nvd

cve-2005-4833

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via “a specific JSP URL,” related to lack of normalization of the URL format.

Affected configurations

Nvd

Node

ibmwebsphere_application_serverMatch6.0

VendorProductVersionCPE
ibmwebsphere_application_server6.0cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_application_server	6.0	cpe:2.3:a:ibm:websphere_application_server:6.0:::::::*

References

osvdb.org/34177

secunia.com/advisories/24478

www-1.ibm.com/support/docview.wss?uid=swg21243541

www-1.ibm.com/support/docview.wss?uid=swg24008815

www.securityfocus.com/bid/22991

www.vupen.com/english/advisories/2007/0970

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

Related for CVE-2005-4833