Description
WebSphere Application Server could allow a remote attacker to bypass security restrictions. Web-based applications, including Web services applications running on WebSphere Application Server, could disclose application-specific files contained within the WAR file, including files under the WEB-INF and META-INF directories. An attacker could exploit this vulnerability to view or execute files on the server contained within the WAR file. This vulnerability also affects the WebSphere administrative console when administrative security is disabled.
Users affected:
Remediation
Upgrade to the latest version of WebSphere or apply the PK81387 security fix.