ByteOS Network

NVD Vulnerability Details :

CVE-2006-6637

Modified

Source-cve@mitre.org

Published At-19 Dec, 2006 | 20:28

Updated At-23 Apr, 2026 | 00:35

The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

IBM Corporation

>>websphere_application_server>>6.0.2.1

cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.3

cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.5

cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.7

cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.9

cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.11

cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.13

cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.15

cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/23414	cve@mitre.org	Patch Vendor Advisory
http://secunia.com/advisories/24478	cve@mitre.org	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21243541	cve@mitre.org	N/A
http://www-1.ibm.com/support/docview.wss?uid=swg24015155	cve@mitre.org	N/A
http://www-1.ibm.com/support/docview.wss?uid=swg27006876	cve@mitre.org	Patch
http://www.securityfocus.com/bid/21636	cve@mitre.org	N/A
http://www.securityfocus.com/bid/22991	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2006/5050	cve@mitre.org	Vendor Advisory
http://www.vupen.com/english/advisories/2007/0970	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/23414	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://secunia.com/advisories/24478	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg21243541	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www-1.ibm.com/support/docview.wss?uid=swg24015155	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www-1.ibm.com/support/docview.wss?uid=swg27006876	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.securityfocus.com/bid/21636	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/22991	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2006/5050	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.vupen.com/english/advisories/2007/0970	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory