cvelistv5 - CVE-2006-4223

CVE-2006-4223 (GCVE-0-2006-4223)

Vulnerability from cvelistv5 – Published: 2006-08-18 19:55 – Updated: 2024-08-07 18:57

Summary

IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.vupen.com/english/advisories/2006/3281	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2007/0970	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/24478	third-party-advisoryx_refsource_SECUNIA
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	x_refsource_CONFIRM
	http://www-1.ibm.com/support/docview.wss?rs=180&u…	x_refsource_CONFIRM
	http://secunia.com/advisories/21487	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/22991	vdb-entryx_refsource_BID
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	vendor-advisoryx_refsource_AIXAPAR

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:57:46.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-3281",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3281"
          },
          {
            "name": "ADV-2007-0970",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0970"
          },
          {
            "name": "24478",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24478"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213"
          },
          {
            "name": "21487",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21487"
          },
          {
            "name": "22991",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22991"
          },
          {
            "name": "PK23475",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-03-21T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-3281",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3281"
        },
        {
          "name": "ADV-2007-0970",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0970"
        },
        {
          "name": "24478",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24478"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213"
        },
        {
          "name": "21487",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21487"
        },
        {
          "name": "22991",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22991"
        },
        {
          "name": "PK23475",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4223",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-3281",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3281"
            },
            {
              "name": "ADV-2007-0970",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0970"
            },
            {
              "name": "24478",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24478"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213"
            },
            {
              "name": "21487",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21487"
            },
            {
              "name": "22991",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22991"
            },
            {
              "name": "PK23475",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4223",
    "datePublished": "2006-08-18T19:55:00",
    "dateReserved": "2006-08-18T00:00:00",
    "dateUpdated": "2024-08-07T18:57:46.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.0.2.11\", \"matchCriteriaId\": \"1ABF32A6-E46F-4F34-A683-F9D90AD010DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"714C405D-1E8F-45C1-8A09-5103F0080C76\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C7F31FD3-8681-4F07-9644-5CC87D512520\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"458BAD79-958E-4665-B1F8-0D46E0C57045\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC1A723F-D685-4FE5-8938-5682A2D02155\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9643B593-DADF-4F57-B41E-541C7F554A4C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"521DB050-3C94-49BF-8666-6EC2C358AA27\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \\\"JSP source code exposure\\\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.\"}, {\"lang\": \"es\", \"value\": \"IBM WebSphere Application Server anterior a 6.0.2.13 permiet a atacantes locales o remotos (dependiendo del contexto) obtener informaci\\u00f3n sensible a trav\\u00e9s de vectores no especificados relacionados con (1) \\\"exposici\\u00f3n de c\\u00f3digo fuente JSTP\\\" (PK23475), (2) el archivo de registro de la Captura de Datos del Primer Fallo (First Failure Data Capture)(ffdc)(PK24834), y (3) trazas (PK25568), un problema distinto de CVE-2006-4137.\"}]",
      "id": "CVE-2006-4223",
      "lastModified": "2024-11-21T00:15:25.810",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-08-18T20:04:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/21487\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/24478\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg21243541\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24013827\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/22991\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3281\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0970\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21487\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/24478\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg21243541\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24013827\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22991\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3281\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/0970\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-4223\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-08-18T20:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \\\"JSP source code exposure\\\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.\"},{\"lang\":\"es\",\"value\":\"IBM WebSphere Application Server anterior a 6.0.2.13 permiet a atacantes locales o remotos (dependiendo del contexto) obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados relacionados con (1) \\\"exposici\u00f3n de c\u00f3digo fuente JSTP\\\" (PK23475), (2) el archivo de registro de la Captura de Datos del Primer Fallo (First Failure Data Capture)(ffdc)(PK24834), y (3) trazas (PK25568), un problema distinto de CVE-2006-4137.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0.2.11\",\"matchCriteriaId\":\"1ABF32A6-E46F-4F34-A683-F9D90AD010DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"714C405D-1E8F-45C1-8A09-5103F0080C76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7F31FD3-8681-4F07-9644-5CC87D512520\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"458BAD79-958E-4665-B1F8-0D46E0C57045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC1A723F-D685-4FE5-8938-5682A2D02155\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9643B593-DADF-4F57-B41E-541C7F554A4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"521DB050-3C94-49BF-8666-6EC2C358AA27\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21487\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24478\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg21243541\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24013827\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22991\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3281\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0970\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/24478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg21243541\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24013827\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22991\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0970\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTA-2006-AVI-451

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilité ont été découvertes dans IBM Websphere. L'exploitation de ces vulnérabilités conduit au contournement de la politique de sécurité et/ou à la divulgation d'informations sensibles.

Description

Trois vulnérabilités ont été découvertes dans IBM Webspher Application Server :

la première découle d'une erreur présente au niveau du traitement de certaines requêtes HTTP. L'exploitation de cette vulnérabilité conduit à l'accès au code source d'une page JSP ;
la deuxième découle d'une erreure inconnue dans WSN. Un utilisateur mal intentionné peut exploiter cette vulnérabilité afin d'obtenir un accès à la machine vulnérable sans fournir d'identifiant ;
la troisième permet à un utilisateur mal intentionné d'accéder de manière illégitime à des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM WebSphere Application Server 6.1.x

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour IBM Websphere

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eIBM WebSphere Application Server 6.1.x\u003c/p\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Webspher Application\nServer :\n\n-   la premi\u00e8re d\u00e9coule d\u0027une erreur pr\u00e9sente au niveau du traitement de\n    certaines requ\u00eates HTTP. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    conduit \u00e0 l\u0027acc\u00e8s au code source d\u0027une page JSP ;\n-   la deuxi\u00e8me d\u00e9coule d\u0027une erreure inconnue dans WSN. Un utilisateur\n    mal intentionn\u00e9 peut exploiter cette vuln\u00e9rabilit\u00e9 afin d\u0027obtenir un\n    acc\u00e8s \u00e0 la machine vuln\u00e9rable sans fournir d\u0027identifiant ;\n-   la troisi\u00e8me permet \u00e0 un utilisateur mal intentionn\u00e9 d\u0027acc\u00e9der de\n    mani\u00e8re ill\u00e9gitime \u00e0 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4223"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-451",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Websphere.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s conduit au contournement de la\npolitique de s\u00e9curit\u00e9 et/ou \u00e0 la divulgation d\u0027informations sensibles.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Websphere",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour IBM Websphere",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg24013142"
    }
  ]
}

CERTA-2006-AVI-451

Vulnerability from certfr_avis - Published: - Updated:

Description

Trois vulnérabilités ont été découvertes dans IBM Webspher Application Server :

la première découle d'une erreur présente au niveau du traitement de certaines requêtes HTTP. L'exploitation de cette vulnérabilité conduit à l'accès au code source d'une page JSP ;
la deuxième découle d'une erreure inconnue dans WSN. Un utilisateur mal intentionné peut exploiter cette vulnérabilité afin d'obtenir un accès à la machine vulnérable sans fournir d'identifiant ;
la troisième permet à un utilisateur mal intentionné d'accéder de manière illégitime à des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM WebSphere Application Server 6.1.x

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour IBM Websphere

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eIBM WebSphere Application Server 6.1.x\u003c/p\u003e",
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Webspher Application\nServer :\n\n-   la premi\u00e8re d\u00e9coule d\u0027une erreur pr\u00e9sente au niveau du traitement de\n    certaines requ\u00eates HTTP. L\u0027exploitation de cette vuln\u00e9rabilit\u00e9\n    conduit \u00e0 l\u0027acc\u00e8s au code source d\u0027une page JSP ;\n-   la deuxi\u00e8me d\u00e9coule d\u0027une erreure inconnue dans WSN. Un utilisateur\n    mal intentionn\u00e9 peut exploiter cette vuln\u00e9rabilit\u00e9 afin d\u0027obtenir un\n    acc\u00e8s \u00e0 la machine vuln\u00e9rable sans fournir d\u0027identifiant ;\n-   la troisi\u00e8me permet \u00e0 un utilisateur mal intentionn\u00e9 d\u0027acc\u00e9der de\n    mani\u00e8re ill\u00e9gitime \u00e0 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4223"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-451",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-10-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Websphere.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s conduit au contournement de la\npolitique de s\u00e9curit\u00e9 et/ou \u00e0 la divulgation d\u0027informations sensibles.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Websphere",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour IBM Websphere",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg24013142"
    }
  ]
}

FKIE_CVE-2006-4223

Vulnerability from fkie_nvd - Published: 2006-08-18 20:04 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21487	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/24478	Vendor Advisory
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg21243541
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg24013827
cve@mitre.org	http://www.securityfocus.com/bid/22991
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3281	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0970	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21487	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24478	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006876#60213
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg21243541
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg24013827
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22991
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3281	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0970	Vendor Advisory

Impacted products

Vendor	Product	Version
ibm	websphere_application_server	*
ibm	websphere_application_server	6.0.2
ibm	websphere_application_server	6.0.2.1
ibm	websphere_application_server	6.0.2.3
ibm	websphere_application_server	6.0.2.5
ibm	websphere_application_server	6.0.2.7
ibm	websphere_application_server	6.0.2.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ABF32A6-E46F-4F34-A683-F9D90AD010DC",
              "versionEndIncluding": "6.0.2.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "714C405D-1E8F-45C1-8A09-5103F0080C76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F31FD3-8681-4F07-9644-5CC87D512520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "458BAD79-958E-4665-B1F8-0D46E0C57045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC1A723F-D685-4FE5-8938-5682A2D02155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9643B593-DADF-4F57-B41E-541C7F554A4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "521DB050-3C94-49BF-8666-6EC2C358AA27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137."
    },
    {
      "lang": "es",
      "value": "IBM WebSphere Application Server anterior a 6.0.2.13 permiet a atacantes locales o remotos (dependiendo del contexto) obtener informaci\u00f3n sensible a trav\u00e9s de vectores no especificados relacionados con (1) \"exposici\u00f3n de c\u00f3digo fuente JSTP\" (PK23475), (2) el archivo de registro de la Captura de Datos del Primer Fallo (First Failure Data Capture)(ffdc)(PK24834), y (3) trazas (PK25568), un problema distinto de CVE-2006-4137."
    }
  ],
  "id": "CVE-2006-4223",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-18T20:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21487"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24478"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22991"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3281"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0970"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-4223

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-4223

Aliases

CVE-2006-4223

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4223",
    "description": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.",
    "id": "GSD-2006-4223"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4223"
      ],
      "details": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.",
      "id": "GSD-2006-4223",
      "modified": "2023-12-13T01:19:51.540476Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-4223",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2006-3281",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3281"
          },
          {
            "name": "ADV-2007-0970",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0970"
          },
          {
            "name": "24478",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24478"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
          },
          {
            "name": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213",
            "refsource": "CONFIRM",
            "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213"
          },
          {
            "name": "21487",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21487"
          },
          {
            "name": "22991",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22991"
          },
          {
            "name": "PK23475",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.0.2.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4223"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213"
            },
            {
              "name": "21487",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21487"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
            },
            {
              "name": "PK23475",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
            },
            {
              "name": "22991",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22991"
            },
            {
              "name": "24478",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24478"
            },
            {
              "name": "ADV-2007-0970",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0970"
            },
            {
              "name": "ADV-2006-3281",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3281"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-07T05:00Z",
      "publishedDate": "2006-08-18T20:04Z"
    }
  }
}

GHSA-F8QH-R27M-Q974

Vulnerability from github – Published: 2022-05-01 07:16 – Updated: 2022-05-01 07:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-08-18T20:04:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to \"JSP source code exposure\" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or ExtendedDocumentRoot is used to place a JSP outside a WAR.file; (3) the First Failure Data Capture (ffdc) log file (PK24834); and (4) traces (PK25568), a different issue than CVE-2006-4137.",
  "id": "GHSA-f8qh-r27m-q974",
  "modified": "2022-05-01T07:16:37Z",
  "published": "2022-05-01T07:16:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4223"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21487"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24478"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?rs=180\u0026uid=swg27006876#60213"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21243541"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013827"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22991"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3281"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0970"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-4223 (GCVE-0-2006-4223)

CERTA-2006-AVI-451

Description

Solution

CERTA-2006-AVI-451

Description

Solution

FKIE_CVE-2006-4223

GSD-2006-4223

GHSA-F8QH-R27M-Q974

Tags

Sightings

Nomenclature