CVE-2006-4223

Published Aug 18, 2006

Last updated 14 years ago

Overview

Description: IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1ABF32A6-E46F-4F34-A683-F9D90AD010DC",
            "versionEndIncluding": "6.0.2.11"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "714C405D-1E8F-45C1-8A09-5103F0080C76"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7F31FD3-8681-4F07-9644-5CC87D512520"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "458BAD79-958E-4665-B1F8-0D46E0C57045"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC1A723F-D685-4FE5-8938-5682A2D02155"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9643B593-DADF-4F57-B41E-541C7F554A4C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "521DB050-3C94-49BF-8666-6EC2C358AA27"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References