Summary
The host is running IBM WebSphere Application Server and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote unauthorized attackers to access or view files or obtain sensitive information.
Impact Level: Application
Solution
Apply the latest Fix Pack (8.0.0.1 or later) or APAR PM45992: http://www-01.ibm.com/support/docview.wss?uid=swg21474220
Insight
The flaw is caused by improper handling of requests in 'JSF' applications.
A remote attacker could gain unauthorized access to view files on the host.
Affected
IBM WebSphere Application Server versions 8.x before 8.0.0.1
Severity
Classification
CVE: CVE-2011-1368
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
- IBM WebSphere Application Server Administration Directory Traversal Vulnerability
- Acritum Femitter Server 1.03 Multiple Remote Vulnerabilities
- Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
- Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows)