Lucene search

[email protected]NVD:CVE-2005-4833

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4833

2005-12-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via “a specific JSP URL,” related to lack of normalization of the URL format.

Affected configurations

Nvd

Node

ibmwebsphere_application_serverMatch6.0

VendorProductVersionCPE
ibmwebsphere_application_server6.0cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	websphere_application_server	6.0	cpe:2.3:a:ibm:websphere_application_server:6.0:::::::*

References

osvdb.org/34177

secunia.com/advisories/24478

www-1.ibm.com/support/docview.wss?uid=swg21243541

www-1.ibm.com/support/docview.wss?uid=swg24008815

www.securityfocus.com/bid/22991

www.vupen.com/english/advisories/2007/0970

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0.014

Percentile

86.3%

JSON

Related for NVD:CVE-2005-4833

cve1 cvelist1