CVE-2010-0777
IBM WebSphere Application Server <6.0.2.43-7.0.0.11 - Info Disclosure
Title source: llmDescription
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg27007951
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58557
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39838
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40277
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1200
Scores
EPSS
0.0188
EPSS Percentile
77.0%
Details
CWE
CWE-20
Status
published
Products (50)
ibm/websphere_application_server
6.0
ibm/websphere_application_server
6.0.0.1
ibm/websphere_application_server
6.0.0.2
ibm/websphere_application_server
6.0.0.3
ibm/websphere_application_server
6.0.1
ibm/websphere_application_server
6.0.1.1
ibm/websphere_application_server
6.0.1.2
ibm/websphere_application_server
6.0.1.3
ibm/websphere_application_server
6.0.1.5
ibm/websphere_application_server
6.0.1.7
... and 40 more
Published
May 17, 2010
Tracked Since
Feb 18, 2026