Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Hyperlink | Source | Resource |
|---|---|---|
| http://secunia.com/advisories/45749 | cve@mitre.org | Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM45322 | cve@mitre.org | N/A |
| http://www.ibm.com/support/docview.wss?uid=swg21509257 | cve@mitre.org | N/A |
| http://www.osvdb.org/74817 | cve@mitre.org | N/A |
| http://www.securityfocus.com/bid/49362 | cve@mitre.org | N/A |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69473 | cve@mitre.org | N/A |
| http://secunia.com/advisories/45749 | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| http://www-01.ibm.com/support/docview.wss?uid=swg1PM45322 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.ibm.com/support/docview.wss?uid=swg21509257 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.osvdb.org/74817 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.securityfocus.com/bid/49362 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/69473 | af854a3a-2127-422b-91ae-364da2661108 | N/A |