Vulnerabilities > CVE-2006-7164 - Information Disclosure vulnerability in Websphere Application Server

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

linux

unix

ibm

NVD

Published: 2007-03-20

Updated: 2008-09-05

Summary

SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Linux Kernel *	1
OS	Unix Unix Unix *	1
Application	Ibm IBM Websphere Application Server 5.0.1 IBM Websphere Application Server 5.0.2 IBM Websphere Application Server 5.0.2.1 IBM Websphere Application Server 5.0.2.2 IBM Websphere Application Server 5.0.2.3 IBM Websphere Application Server 5.0.2.4 IBM Websphere Application Server 5.0.2.5 IBM Websphere Application Server 5.0.2.6 IBM Websphere Application Server 5.0.2.7 IBM Websphere Application Server 5.0.2.8 IBM Websphere Application Server 5.0.2.9 IBM Websphere Application Server 5.0.2.10 IBM Websphere Application Server 5.0.2.11 IBM Websphere Application Server 5.0.2.12 IBM Websphere Application Server 5.0.2.13 IBM Websphere Application Server 5.0.2.14 IBM Websphere Application Server 5.0.2.15 IBM Websphere Application Server 5.0.2.16	18

References

http://www-1.ibm.com/support/docview.wss?uid=swg24013029