CVE-2010-0777

IBM WebSphere Application Server <6.0.2.43-7.0.0.11 - Info Disclosure

Title source: llm
STIX 2.1

Description

The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.

References (6)

Core 6
Core References
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58557
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39838
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40277
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1200

Scores

EPSS 0.0188
EPSS Percentile 77.0%

Details

CWE
CWE-20
Status published
Products (50)
ibm/websphere_application_server 6.0
ibm/websphere_application_server 6.0.0.1
ibm/websphere_application_server 6.0.0.2
ibm/websphere_application_server 6.0.0.3
ibm/websphere_application_server 6.0.1
ibm/websphere_application_server 6.0.1.1
ibm/websphere_application_server 6.0.1.2
ibm/websphere_application_server 6.0.1.3
ibm/websphere_application_server 6.0.1.5
ibm/websphere_application_server 6.0.1.7
... and 40 more
Published May 17, 2010
Tracked Since Feb 18, 2026