1. Home
  2. CVE Database
  3. CVE-2016-2961
MEDIUM · 5.3

CVE-2016-2961

The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version informati...

Vulnerability Description

The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
IbmIntegration Bus9.0
IbmWebsphere Message Broker8.0

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2016-2961?

CVE-2016-2961 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version informati...

How severe is CVE-2016-2961?

CVE-2016-2961 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2961?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Integration Bus, Ibm Websphere Message Broker.