Lucene search

MitreCVE-2009-0434

HistoryFeb 10, 2009 - 10:30 p.m.

CVE-2009-0434

2009-02-1022:30:00

CWE-200

mitre

web.nvd.nist.gov

ibm websphere

app server

perfservlet

pmi

performance tools

cve-2009-0434

nvd

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.5

Confidence

Low

EPSS

0.002

Percentile

54.8%

JSON

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.31, 6.1.x before 6.1.0.21, and 7.0.x before 7.0.0.1, when Performance Monitoring Infrastructure (PMI) is enabled, allows local users to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2008-5413.

Affected configurations

Nvd

Node

ibmwebsphere_application_serverMatch6.0

ibmwebsphere_application_serverMatch6.0.0.1

ibmwebsphere_application_serverMatch6.0.0.2

ibmwebsphere_application_serverMatch6.0.0.3

ibmwebsphere_application_serverMatch6.0.1

ibmwebsphere_application_serverMatch6.0.1.1

ibmwebsphere_application_serverMatch6.0.1.2

ibmwebsphere_application_serverMatch6.0.1.3

ibmwebsphere_application_serverMatch6.0.1.5

ibmwebsphere_application_serverMatch6.0.1.7

ibmwebsphere_application_serverMatch6.0.1.9

ibmwebsphere_application_serverMatch6.0.1.11

ibmwebsphere_application_serverMatch6.0.1.13

ibmwebsphere_application_serverMatch6.0.1.15

ibmwebsphere_application_serverMatch6.0.1.17

ibmwebsphere_application_serverMatch6.0.2

ibmwebsphere_application_serverMatch6.0.2.1

ibmwebsphere_application_serverMatch6.0.2.2

ibmwebsphere_application_serverMatch6.0.2.3

ibmwebsphere_application_serverMatch6.0.2.4

ibmwebsphere_application_serverMatch6.0.2.5

ibmwebsphere_application_serverMatch6.0.2.6

ibmwebsphere_application_serverMatch6.0.2.7

ibmwebsphere_application_serverMatch6.0.2.9

ibmwebsphere_application_serverMatch6.0.2.11

ibmwebsphere_application_serverMatch6.0.2.13

ibmwebsphere_application_serverMatch6.0.2.15

ibmwebsphere_application_serverMatch6.0.2.17

ibmwebsphere_application_serverMatch6.0.2.19

ibmwebsphere_application_serverMatch6.0.2.22

ibmwebsphere_application_serverMatch6.0.2.23

ibmwebsphere_application_serverMatch6.0.2.24

ibmwebsphere_application_serverMatch6.0.2.25

ibmwebsphere_application_serverMatch6.0.2.27

ibmwebsphere_application_serverMatch6.0.2.28

ibmwebsphere_application_serverMatch6.0.2.29

ibmwebsphere_application_serverMatch6.0.2.30

ibmwebsphere_application_serverMatch6.0.2.31

ibmwebsphere_application_serverMatch6.1

ibmwebsphere_application_serverMatch6.1.0

ibmwebsphere_application_serverMatch6.1.0.0

ibmwebsphere_application_serverMatch6.1.0.1

ibmwebsphere_application_serverMatch6.1.0.2

ibmwebsphere_application_serverMatch6.1.0.10

ibmwebsphere_application_serverMatch6.1.0.11

ibmwebsphere_application_serverMatch6.1.0.12

ibmwebsphere_application_serverMatch6.1.0.13

ibmwebsphere_application_serverMatch6.1.0.14

ibmwebsphere_application_serverMatch6.1.0.15

ibmwebsphere_application_serverMatch6.1.0.16

ibmwebsphere_application_serverMatch6.1.0.17

ibmwebsphere_application_serverMatch6.1.0.18

ibmwebsphere_application_serverMatch6.1.0.19

ibmwebsphere_application_serverMatch6.1.0.20

ibmwebsphere_application_serverMatch6.1.0.21

ibmwebsphere_application_serverMatch7.0

VendorProductVersionCPE
ibmwebsphere_application_server6.0cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.0.1cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.0.2cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.0.3cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.1cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.2cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.3cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.5cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:*:*:*:*:*:*:*
ibmwebsphere_application_server6.0.1.7cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_application_server	6.0	cpe:2.3:a:ibm:websphere_application_server:6.0:::::::*
ibm	websphere_application_server	6.0.0.1	cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:::::::*
ibm	websphere_application_server	6.0.0.2	cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:::::::*
ibm	websphere_application_server	6.0.0.3	cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:::::::*
ibm	websphere_application_server	6.0.1	cpe:2.3:a:ibm:websphere_application_server:6.0.1:::::::*
ibm	websphere_application_server	6.0.1.1	cpe:2.3:a:ibm:websphere_application_server:6.0.1.1:::::::*
ibm	websphere_application_server	6.0.1.2	cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:::::::*
ibm	websphere_application_server	6.0.1.3	cpe:2.3:a:ibm:websphere_application_server:6.0.1.3:::::::*
ibm	websphere_application_server	6.0.1.5	cpe:2.3:a:ibm:websphere_application_server:6.0.1.5:::::::*
ibm	websphere_application_server	6.0.1.7	cpe:2.3:a:ibm:websphere_application_server:6.0.1.7:::::::*

Rows per page:

1-10 of 561

References

www-01.ibm.com/support/docview.wss?uid=swg27006876

www-01.ibm.com/support/docview.wss?uid=swg27007951

www-01.ibm.com/support/docview.wss?uid=swg27014463

www-1.ibm.com/support/docview.wss?uid=swg1PK63886

www-1.ibm.com/support/docview.wss?uid=swg1PK79230

www.securityfocus.com/bid/33700

www.vupen.com/english/advisories/2009/0423

exchange.xforce.ibmcloud.com/vulnerabilities/48524

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.5

Confidence

Low

EPSS

0.002

Percentile

54.8%

JSON

Related for CVE-2009-0434