Lucene search
HistoryJun 03, 2009 - 5:00 p.m.
CVE-2009-1898
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
High
EPSS
0.005
Percentile
75.4%
The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network.
Affected configurations
Node
ibmwebsphere_application_serverRange≤6.0.2.33
ORibmwebsphere_application_serverMatch6.0.2
ORibmwebsphere_application_serverMatch6.0.2.1
ORibmwebsphere_application_serverMatch6.0.2.2
ORibmwebsphere_application_serverMatch6.0.2.3
ORibmwebsphere_application_serverMatch6.0.2.4
ORibmwebsphere_application_serverMatch6.0.2.5
ORibmwebsphere_application_serverMatch6.0.2.6
ORibmwebsphere_application_serverMatch6.0.2.7
ORibmwebsphere_application_serverMatch6.0.2.8
ORibmwebsphere_application_serverMatch6.0.2.9
ORibmwebsphere_application_serverMatch6.0.2.10
ORibmwebsphere_application_serverMatch6.0.2.11
ORibmwebsphere_application_serverMatch6.0.2.12
ORibmwebsphere_application_serverMatch6.0.2.13
ORibmwebsphere_application_serverMatch6.0.2.14
ORibmwebsphere_application_serverMatch6.0.2.15
ORibmwebsphere_application_serverMatch6.0.2.16
ORibmwebsphere_application_serverMatch6.0.2.17
ORibmwebsphere_application_serverMatch6.0.2.18
ORibmwebsphere_application_serverMatch6.0.2.19
ORibmwebsphere_application_serverMatch6.0.2.20
ORibmwebsphere_application_serverMatch6.0.2.21
ORibmwebsphere_application_serverMatch6.0.2.22
ORibmwebsphere_application_serverMatch6.0.2.23
ORibmwebsphere_application_serverMatch6.0.2.24
ORibmwebsphere_application_serverMatch6.0.2.25
ORibmwebsphere_application_serverMatch6.0.2.27
ORibmwebsphere_application_serverMatch6.0.2.28
ORibmwebsphere_application_serverMatch6.0.2.29
ORibmwebsphere_application_serverMatch6.0.2.30
ORibmwebsphere_application_serverMatch6.0.2.31
ORibmwebsphere_application_serverMatch6.0.2.32
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | websphere_application_server | * | cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2 | cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.1 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.2 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.3 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.4 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.5 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.6 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.7 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:* |
| ibm | websphere_application_server | 6.0.2.8 | cpe:2.3:a:ibm:websphere_application_server:6.0.2.8:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2009-06-03 17:00:00
cvelist
cvelist
CVE-2009-1898
2009-06-03 16:33:00
cve
cve
CVE-2009-1898
2009-06-03 17:00:00
nessus
nessus
IBM WebSphere Application Server < 6.0.2.35 Multiple Vulnerabilities
2009-06-02 00:00:00
IBM WebSphere Application Server 7.0 < Fix Pack 5
2009-08-31 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
High
EPSS
0.005
Percentile
75.4%
Related for NVD:CVE-2009-1898