CVE-2015-1932

IBM Websphere Virtual Enterprise < 7.0.0.6 - Information Disclosure

Title source: rule
STIX 2.1

Description

IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sensitive information about the proxy-server software by reading the HTTP Via header.

References (4)

Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21963275
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033325
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76466
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PI38403

Scores

EPSS 0.0211
EPSS Percentile 79.5%

Details

CWE
CWE-200
Status published
Products (50)
ibm/websphere_application_server 7.0.0.1
ibm/websphere_application_server 7.0.0.2
ibm/websphere_application_server 7.0.0.3
ibm/websphere_application_server 7.0.0.4
ibm/websphere_application_server 7.0.0.5
ibm/websphere_application_server 7.0.0.6
ibm/websphere_application_server 7.0.0.7
ibm/websphere_application_server 7.0.0.8
ibm/websphere_application_server 7.0.0.9
ibm/websphere_application_server 7.0.0.10
... and 40 more
Published Aug 22, 2015
Tracked Since Feb 18, 2026