CVE-2009-0508

EUVD-2009-0512
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
ibmwebsphere_application_server
5.1.0
ibmwebsphere_application_server
5.1.1.19
ibmwebsphere_application_server
6.0.2
ibmwebsphere_application_server
6.0.2.1
ibmwebsphere_application_server
6.0.2.3
ibmwebsphere_application_server
6.0.2.5
ibmwebsphere_application_server
6.0.2.7
ibmwebsphere_application_server
6.0.2.9
ibmwebsphere_application_server
6.0.2.11
ibmwebsphere_application_server
6.0.2.15
ibmwebsphere_application_server
6.0.2.17
ibmwebsphere_application_server
6.0.2.19
ibmwebsphere_application_server
6.0.2.21
ibmwebsphere_application_server
6.0.2.23
ibmwebsphere_application_server
6.0.2.25
ibmwebsphere_application_server
6.0.2.27
ibmwebsphere_application_server
6.0.2.29
ibmwebsphere_application_server
6.0.2.31
ibmwebsphere_application_server
6.0.2.33
ibmwebsphere_application_server
6.1
ibmwebsphere_application_server
6.1.0.1
ibmwebsphere_application_server
6.1.0.2
ibmwebsphere_application_server
6.1.0.3
ibmwebsphere_application_server
6.1.0.5
ibmwebsphere_application_server
6.1.0.7
ibmwebsphere_application_server
6.1.0.9
ibmwebsphere_application_server
6.1.0.11
ibmwebsphere_application_server
6.1.0.13
ibmwebsphere_application_server
6.1.0.15
ibmwebsphere_application_server
6.1.0.17
ibmwebsphere_application_server
6.1.0.19
ibmwebsphere_application_server
6.1.0.21
ibmwebsphere_application_server
7.0
ibmwebsphere_application_server
7.0.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/34283
http://secunia.com/advisories/34876
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456
http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387
http://www-01.ibm.com/support/docview.wss?uid=swg21380233
http://www-01.ibm.com/support/docview.wss?uid=swg21380376
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www.securityfocus.com/bid/34104
http://www.vupen.com/english/advisories/2009/0704
http://www.vupen.com/english/advisories/2009/1188
http://www.vupen.com/english/advisories/2009/1464
https://exchange.xforce.ibmcloud.com/vulnerabilities/49085
http://secunia.com/advisories/34283
http://secunia.com/advisories/34876
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456
http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387
http://www-01.ibm.com/support/docview.wss?uid=swg21380233
http://www-01.ibm.com/support/docview.wss?uid=swg21380376
http://www-01.ibm.com/support/docview.wss?uid=swg27006876
http://www.securityfocus.com/bid/34104
http://www.vupen.com/english/advisories/2009/0704
http://www.vupen.com/english/advisories/2009/1188
http://www.vupen.com/english/advisories/2009/1464
https://exchange.xforce.ibmcloud.com/vulnerabilities/49085