CVE-2009-0508

CVSS V2 High 7.5 CVSS V3 None
Description
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
Overview
  • CVE ID
  • CVE-2009-0508
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-03-16T19:30:00
  • Last Modified Date
  • 2017-08-08T01:33:58
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:ibm:websphere_application_server:5.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:5.1.1.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.0.2.33:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:6.1.0.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:ibm:websphere_application_server:7.0.0.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/34104
http://www-01.ibm.com/support/docview.wss?uid=swg1PK81387
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg24022456 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/0704 Patch Vendor Advisory
http://secunia.com/advisories/34283 Vendor Advisory
http://secunia.com/advisories/34876 Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21380233 Vendor Advisory
http://www.vupen.com/english/advisories/2009/1188 Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21380376 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1464 Patch Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27006876 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/49085
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-0508
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0508
History
Created Old Value New Value Data Type Notes
2022-05-10 09:04:26 Added to TrackCVE