The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:12
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/39838 - | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111 - | |
References | () http://www-01.ibm.com/support/docview.wss?uid=swg27007951 - | |
References | () http://www.securityfocus.com/bid/40277 - | |
References | () http://www.vupen.com/english/advisories/2010/1200 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/58557 - |
Information
Published : 2010-05-17 22:30
Updated : 2024-11-21 01:12
NVD link : CVE-2010-0777
Mitre link : CVE-2010-0777
CVE.ORG link : CVE-2010-0777
JSON object : View
Products Affected
ibm
- websphere_application_server
CWE
CWE-20
Improper Input Validation