Lucene search

MitreCVE-2009-0432

HistoryFeb 10, 2009 - 10:30 p.m.

CVE-2009-0432

2009-02-1022:30:00

CWE-16

mitre

web.nvd.nist.gov

ibm

websphere

application server

file transfer

servlet

vulnerability

cve-2009-0432

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

70.2%

JSON

The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors.

Affected configurations

Nvd

Node

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.3

ibmwebsphere_application_serverMatch6.1.0.5

ibmwebsphere_application_serverMatch6.1.0.7

ibmwebsphere_application_serverMatch6.1.0.9

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.13

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.17

VendorProductVersionCPE
ibmwebsphere_application_server6.1.0.1cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.2cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.3cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.5cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.7cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.9cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.11cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.13cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.15cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:*
ibmwebsphere_application_server6.1.0.17cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_application_server	6.1.0.1	cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:::::::*
ibm	websphere_application_server	6.1.0.2	cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:::::::*
ibm	websphere_application_server	6.1.0.3	cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:::::::*
ibm	websphere_application_server	6.1.0.5	cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:::::::*
ibm	websphere_application_server	6.1.0.7	cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:::::::*
ibm	websphere_application_server	6.1.0.9	cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:::::::*
ibm	websphere_application_server	6.1.0.11	cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:::::::*
ibm	websphere_application_server	6.1.0.13	cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:::::::*
ibm	websphere_application_server	6.1.0.15	cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:::::::*
ibm	websphere_application_server	6.1.0.17	cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg27007951

www-1.ibm.com/support/docview.wss?uid=swg1PK59108

www.securityfocus.com/bid/33700

exchange.xforce.ibmcloud.com/vulnerabilities/48522

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

70.2%

JSON

Related for CVE-2009-0432