Vulnerability Description
IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | 6.0 |
References
- http://osvdb.org/34177
- http://secunia.com/advisories/24478Vendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg21243541PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg24008815PatchVendor Advisory
- http://www.securityfocus.com/bid/22991
- http://www.vupen.com/english/advisories/2007/0970
- http://osvdb.org/34177
- http://secunia.com/advisories/24478Vendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg21243541PatchVendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg24008815PatchVendor Advisory
- http://www.securityfocus.com/bid/22991
- http://www.vupen.com/english/advisories/2007/0970
FAQ
What is CVE-2005-4833?
CVE-2005-4833 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensi...
How severe is CVE-2005-4833?
CVE-2005-4833 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4833?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server.