Vulnerability Description
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | WebSphere Application Server | 6.0 |
References
- http://secunia.com/advisories/39838
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM06111
- http://www-01.ibm.com/support/docview.wss?uid=swg27007951
- http://www.securityfocus.com/bid/40277
- http://www.vupen.com/english/advisories/2010/1200
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58557
FAQ
What is CVE-2010-0777?
CVE-2010-0777 is a vulnerability with a CVSS score of 2.6 (LOW). The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrec...
How severe is CVE-2010-0777?
CVE-2010-0777 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-0777?
Check the references section above for vendor advisories and patch information. Affected products include: IBM WebSphere Application Server.