CVE-2006-4137

IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21440	Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951	Patch
http://www-1.ibm.com/support/search.wss?rs=0&q=PK27547&apar=only	Patch
http://www-1.ibm.com/support/search.wss?rs=0&q=PK27857&apar=only	Patch
http://www-1.ibm.com/support/search.wss?rs=0&q=PK28408&apar=only	Patch
http://www.securityfocus.com/bid/19463	Patch
http://www.vupen.com/english/advisories/2006/3262

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_application_server:6.0:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:::::::*
	cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:::::::*

History

No history.

Information

Published : 2006-08-14 23:04

Updated : 2024-02-04 16:52

NVD link : CVE-2006-4137

Mitre link : CVE-2006-4137

CVE.ORG link : CVE-2006-4137

JSON object : View

Products Affected

ibm

websphere_application_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-4137", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-08-14T23:04:00.000", "references": [{"url": "http://secunia.com/advisories/21440", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK27547&apar=only", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK27857&apar=only", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK28408&apar=only", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19463", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3262", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) \"script generated syntax on wsadmin command line,\" and (3) traces."}, {"lang": "es", "value": "IBM WebSphere Application Server anteior a 6.1.0.1 permite a atacantes obtener informaci\u00f3n sensible mediante vectores no especificados relacionados con (1) el archivo de registro (log), (2) \"sintaxis generada por secuencia de comandos en la l\u00ednea de comandos wsadmin\", y (3) trazas."}], "lastModified": "2011-03-08T02:40:26.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01F45BA3-6504-47AF-B757-7B6D3526FBF6"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3E6D6AF-0D69-4605-B871-6DAE01CF08EF"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5EE7744-4584-4AE4-9F27-11EFAA002E77"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DE0C501-4062-49D0-8983-5E92765C7181"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE27E903-6D65-4D29-9583-43FB4CB473B1"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D40DEF90-CE7F-46BB-A6FF-50C1797866B8"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "714C405D-1E8F-45C1-8A09-5103F0080C76"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7F31FD3-8681-4F07-9644-5CC87D512520"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2604E01-E43E-4882-8896-5E646E850286"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "458BAD79-958E-4665-B1F8-0D46E0C57045"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B68EE27-CC4F-4530-9DFE-D94171C45F64"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC1A723F-D685-4FE5-8938-5682A2D02155"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "810E5AEC-5C35-4962-B9BB-32D66290D1D2"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9643B593-DADF-4F57-B41E-541C7F554A4C"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "521DB050-3C94-49BF-8666-6EC2C358AA27"}, {"criteria": "cpe:2.3:a:ibm:websphere_application_server:6.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E4191D3-64AB-482C-9DEF-DD04C4C942CE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}