CVE-2006-7164

Current Description

SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.

Basic Data

Published: March 20, 2007
Last Modified: September 05, 2008
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
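      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | OS | Linux | Linux Kernel | * | * | ia32_64-bit | * | * | * | * | * | | | | |
      | 2.3 | OS | Unix | Unix | * | * | * | * | * | * | * | * | | | | |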
    • OR Running on/with:
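      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.3 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.4 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.5 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.6 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.7 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.8 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.9 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.10 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.11 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.12 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.13 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.14 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.15 | * | * | * | * | * | * | * | | | | |
      | 2.3 | Application | Ibm | Websphere Application Server | 5.0.2.16 | * | * | * | * | * | * | * | | | | |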

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | 5.0.1, 5.0.2, 5.0.2.1, 5.0.2.10, 5.0.2.11, 5.0.2.12, 5.0.2.13, 5.0.2.14, 5.0.2.15, 5.0.2.16, 5.0.2.2, 5.0.2.3, 5.0.2.4, 5.0.2.5, 5.0.2.6, 5.0.2.7, 5.0.2.8, 5.0.2.9 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| PQ91033 | AIXAPAR | http://www-1.ibm.com/support/docview.wss?uid=swg24013029 | PATCH, Vendor Advisory |