CVE-2009-1898 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2009-1898

Modified

More Info Official Page

Source-cve@mitre.org

Published At-03 Jun, 2009 | 17:00

Updated At-23 Apr, 2026 | 00:35

The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

IBM Corporation

>>websphere_application_server>>Versions up to 6.0.2.33(inclusive)

cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2

cpe:2.3:a:ibm:websphere_application_server:6.0.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.1

cpe:2.3:a:ibm:websphere_application_server:6.0.2.1:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.2

cpe:2.3:a:ibm:websphere_application_server:6.0.2.2:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.3

cpe:2.3:a:ibm:websphere_application_server:6.0.2.3:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.4

cpe:2.3:a:ibm:websphere_application_server:6.0.2.4:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.5

cpe:2.3:a:ibm:websphere_application_server:6.0.2.5:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.6

cpe:2.3:a:ibm:websphere_application_server:6.0.2.6:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.7

cpe:2.3:a:ibm:websphere_application_server:6.0.2.7:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.8

cpe:2.3:a:ibm:websphere_application_server:6.0.2.8:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.9

cpe:2.3:a:ibm:websphere_application_server:6.0.2.9:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.10

cpe:2.3:a:ibm:websphere_application_server:6.0.2.10:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.11

cpe:2.3:a:ibm:websphere_application_server:6.0.2.11:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.12

cpe:2.3:a:ibm:websphere_application_server:6.0.2.12:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.13

cpe:2.3:a:ibm:websphere_application_server:6.0.2.13:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.14

cpe:2.3:a:ibm:websphere_application_server:6.0.2.14:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.15

cpe:2.3:a:ibm:websphere_application_server:6.0.2.15:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.16

cpe:2.3:a:ibm:websphere_application_server:6.0.2.16:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.17

cpe:2.3:a:ibm:websphere_application_server:6.0.2.17:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.18

cpe:2.3:a:ibm:websphere_application_server:6.0.2.18:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.19

cpe:2.3:a:ibm:websphere_application_server:6.0.2.19:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.20

cpe:2.3:a:ibm:websphere_application_server:6.0.2.20:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.21

cpe:2.3:a:ibm:websphere_application_server:6.0.2.21:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.22

cpe:2.3:a:ibm:websphere_application_server:6.0.2.22:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.23

cpe:2.3:a:ibm:websphere_application_server:6.0.2.23:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.24

cpe:2.3:a:ibm:websphere_application_server:6.0.2.24:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.25

cpe:2.3:a:ibm:websphere_application_server:6.0.2.25:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.27

cpe:2.3:a:ibm:websphere_application_server:6.0.2.27:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.28

cpe:2.3:a:ibm:websphere_application_server:6.0.2.28:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.29

cpe:2.3:a:ibm:websphere_application_server:6.0.2.29:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.30

cpe:2.3:a:ibm:websphere_application_server:6.0.2.30:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.31

cpe:2.3:a:ibm:websphere_application_server:6.0.2.31:*:*:*:*:*:*:*

IBM Corporation

>>websphere_application_server>>6.0.2.32

cpe:2.3:a:ibm:websphere_application_server:6.0.2.32:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/35301	cve@mitre.org	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27006876	cve@mitre.org	Patch
http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010	cve@mitre.org	N/A
http://www.securityfocus.com/bid/35405	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2009/1464	cve@mitre.org	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51170	cve@mitre.org	N/A
http://secunia.com/advisories/35301	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg27006876	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/35405	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.vupen.com/english/advisories/2009/1464	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51170	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://secunia.com/advisories/35301

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg27006876

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/35405

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2009/1464

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/51170

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/35301

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg27006876

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=swg1PK77010

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/35405

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2009/1464

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/51170

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A