The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
| Link | Tags |
|---|---|
| http://secunia.com/advisories/34876 | third party advisory vendor advisory |
| http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456 | patch vendor advisory |
| http://secunia.com/advisories/34283 | third party advisory vendor advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg21380233 | vendor advisory |
| http://www.vupen.com/english/advisories/2009/1188 | vdb entry patch vendor advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg27006876 | patch |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387 | vendor advisory |
| http://www.vupen.com/english/advisories/2009/1464 | vdb entry patch vendor advisory |
| http://www.securityfocus.com/bid/34104 | vdb entry |
| http://www.vupen.com/english/advisories/2009/0704 | vdb entry patch vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/49085 | vdb entry |
| http://www-01.ibm.com/support/docview.wss?uid=swg21380376 | patch vendor advisory |