CVE-2005-3498

IBM WebSphere Application Server 5.0.x < 5.02.15 - Exposure of Sensitive Information via Session Trace Logs

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3498. PoCs published by CG, including Metasploit module auxiliary/scanner/http/options.

AI-analyzed exploit summary: This Metasploit module scans HTTP servers to detect enabled methods via the OPTIONS request, specifically checking for the TRACE method, which can be indicative of security vulnerabilities. It reports allowed methods and flags TRACE as a potential vulnerability.

Description

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.

Exploits (1)

metasploit SCANNER
by CG · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/options.rb

Classification: Scanner 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: HTTP servers (generic)
No auth needed
Prerequisites: Network access to the target HTTP server
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15303
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015134
Vendor Advisory vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg24010781
Permissions Required, Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2291

Scores

EPSS 0.1129
EPSS Percentile 95.4%

Details

CWE: CWE-200
Status: published
Products (1): ibm/websphere_application_server 5.0.0 - 5.02.15
Published: Nov 04, 2005
Tracked Since: Feb 18, 2026