CVE-2009-0508

The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
ibmwebsphere_application_server
5.1.0
ibmwebsphere_application_server
5.1.1.19
ibmwebsphere_application_server
6.0.2
ibmwebsphere_application_server
6.0.2.1
ibmwebsphere_application_server
6.0.2.3
ibmwebsphere_application_server
6.0.2.5
ibmwebsphere_application_server
6.0.2.7
ibmwebsphere_application_server
6.0.2.9
ibmwebsphere_application_server
6.0.2.11
ibmwebsphere_application_server
6.0.2.15
ibmwebsphere_application_server
6.0.2.17
ibmwebsphere_application_server
6.0.2.19
ibmwebsphere_application_server
6.0.2.21
ibmwebsphere_application_server
6.0.2.23
ibmwebsphere_application_server
6.0.2.25
ibmwebsphere_application_server
6.0.2.27
ibmwebsphere_application_server
6.0.2.29
ibmwebsphere_application_server
6.0.2.31
ibmwebsphere_application_server
6.0.2.33
ibmwebsphere_application_server
6.1
ibmwebsphere_application_server
6.1.0.1
ibmwebsphere_application_server
6.1.0.2
ibmwebsphere_application_server
6.1.0.3
ibmwebsphere_application_server
6.1.0.5
ibmwebsphere_application_server
6.1.0.7
ibmwebsphere_application_server
6.1.0.9
ibmwebsphere_application_server
6.1.0.11
ibmwebsphere_application_server
6.1.0.13
ibmwebsphere_application_server
6.1.0.15
ibmwebsphere_application_server
6.1.0.17
ibmwebsphere_application_server
6.1.0.19
ibmwebsphere_application_server
6.1.0.21
ibmwebsphere_application_server
7.0
ibmwebsphere_application_server
7.0.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/34283
http://secunia.com/advisories/34876
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456
http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387
http://www-01.ibm.com/support/docview.wss?uid=swg21380233
http://www-01.ibm.com/support/docview.wss?uid=swg21380376
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www.securityfocus.com/bid/34104
http://www.vupen.com/english/advisories/2009/0704
http://www.vupen.com/english/advisories/2009/1188
http://www.vupen.com/english/advisories/2009/1464
https://exchange.xforce.ibmcloud.com/vulnerabilities/49085
http://secunia.com/advisories/34283
http://secunia.com/advisories/34876
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456
http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387
http://www-01.ibm.com/support/docview.wss?uid=swg21380233
http://www-01.ibm.com/support/docview.wss?uid=swg21380376
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www.securityfocus.com/bid/34104
http://www.vupen.com/english/advisories/2009/0704
http://www.vupen.com/english/advisories/2009/1188
http://www.vupen.com/english/advisories/2009/1464
https://exchange.xforce.ibmcloud.com/vulnerabilities/49085