Description
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91286
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI09786
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21669554
Scores
EPSS
0.0212
EPSS Percentile
79.6%
Details
CWE
CWE-200
Status
published
Products (42)
ibm/websphere_application_server
7.0
ibm/websphere_application_server
7.0.0.1
ibm/websphere_application_server
7.0.0.2
ibm/websphere_application_server
7.0.0.3
ibm/websphere_application_server
7.0.0.4
ibm/websphere_application_server
7.0.0.5
ibm/websphere_application_server
7.0.0.6
ibm/websphere_application_server
7.0.0.7
ibm/websphere_application_server
7.0.0.8
ibm/websphere_application_server
7.0.0.9
... and 32 more
Published
Jun 28, 2014
Tracked Since
Feb 18, 2026