CVE-2011-1359
IBM WebSphere Application Server <6.1.0.41-8.0.0.1 - Path Traversal
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
References (6)
Various Sources (vendor-advisory, x_refsource_aixapar): http://www-01.ibm.com/support/docview.wss?uid=swg1PM45322
Various Sources (x_refsource_confirm): http://www.ibm.com/support/docview.wss?uid=swg21509257
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/69473
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/45749
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/49362
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/74817
Scores
EPSS: 0.0178
EPSS Percentile: 75.6%
Details
CWE: CWE-22
Status: published
Products (46)
ibm/websphere_application_server 6.1
ibm/websphere_application_server 6.1.0
ibm/websphere_application_server 6.1.0.0
ibm/websphere_application_server 6.1.0.1
ibm/websphere_application_server 6.1.0.2
ibm/websphere_application_server 6.1.0.3
ibm/websphere_application_server 6.1.0.5
ibm/websphere_application_server 6.1.0.7
ibm/websphere_application_server 6.1.0.9
ibm/websphere_application_server 6.1.0.11
... and 36 more
Published: Sep 06, 2011
Tracked Since: Feb 18, 2026