CVE-2016-2961

MEDIUM

IBM Integration Bus - Information Disclosure

Title source: rule

Description

The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.

References (2)

Scores

CVSS v3 5.3
EPSS 0.0017
EPSS Percentile 37.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE
CWE-200
Status draft

Affected Products (19)

ibm/integration_bus
ibm/integration_bus
ibm/integration_bus
ibm/integration_bus
ibm/integration_bus
ibm/integration_bus
ibm/integration_bus
ibm/integration_bus
ibm/integration_bus
ibm/integration_bus
ibm/integration_bus
ibm/websphere_message_broker
ibm/websphere_message_broker
ibm/websphere_message_broker
ibm/websphere_message_broker
... and 4 more

Timeline

Published Jul 02, 2016
Tracked Since Feb 18, 2026